SAST Implementation SME

Kforce has a client in Tampa, FL that is seeking a SAST Implementation SME who will focus on integrating and optimizing Static Application Security Testing (SAST) tools and processes across the organization. This leadership role will guide the implementation, and operationalization, ensuring alignment with secure coding standards and organizational objectives. The SME will influence process improvements, tool migration strategies, and the development of training and best practices. Key Responsibilities:

• Serve as the delegate for the Project Lead, supporting program execution and stakeholder engagement
• Lead the selection, proof-of-concept (PoC), configuration, and implementation of SAST tools (e.g., Checkmarx, Veracode, SonarQube, Fortify) within development environments and CI/CD pipelines
• Define and optimize policies, standards, and workflows for SAST integration and vulnerability management
• Collaborate with engineering, security, and product teams to embed SAST into the Software Development Lifecycle (SDLC) and DevSecOps pipelines
• Guide the development of secure coding training and awareness programs
• Monitor industry trends to recommend enhancements to SAST tool implementation and utilization methodologies
• Establish metrics and reporting frameworks to measure program effectiveness and progress
• Support troubleshooting and escalation management for SAST-related issues in collaboration with technical teams and vendors
• High School diploma/GED required
• SAST Expertise: Deep understanding of SAST tools and their deployment, configuration, and optimization
• Secure Coding Practices: Strong knowledge of vulnerability prevention techniques and standards (e.g., OWASP Top 10, CWE/SANS Top 25)
• Tooling Knowledge: Familiarity with Checkmarx, Veracode, SonarQube, Fortify, and related technologies
• DevSecOps Integration: Experience embedding SAST into CI/CD pipelines and automating security checks
• SCA Expertise: Deep understanding of SCA principles, tools, and best practices for managing open-source and third-party components
• Software Supply Chain Security: Strong knowledge of vulnerability prevention, license compliance, and SBOM management
• Tooling Knowledge: Familiarity with Endor Labs, Mend/WhiteSource, Black Duck, Snyk, and related technologies
• DevSecOps Integration: Experience embedding SCA into CI/CD pipelines and automating security checks
• Program Leadership: Ability to guide large-scale security initiatives, manage tool migrations, and optimize processes
• Strategic Communication: Skilled in influencing stakeholders and articulating program goals and improvements
• Risk Assessment: Experience assessing vulnerabilities and license risks in third-party components