Python, GitHub, Jenkins, BurpSuite, Fortify, NET, CSSLP, GWAPT, Checkmarx, triage, Manage, veracode, Application Security Engineer (SAST/DAST Focus)OverviewWe are seeking an Application Security Engineer to support Chevron’s secure software development initiatives This role will focus on implementing and managing SAST/DAST tooling, integrating security into the SDLC, and improving application-level risk postureKey Responsibilities• Implement, and optimize SAST and DAST tools across application environments• Integrate security testing into CI/CD pipelines (DevSecOps practices)• Perform code reviews and vulnerability assessments• Identify, and remediate application vulnerabilities (OWASP Top 10)• Partner with development teams to embed secure coding practices• Support threat modeling and security design reviews• Monitor and report on application security posture and risk trends• Assis, SonarQube)o DAST tools (eg, OWASP ZAP)• Solid understanding of:o OWASP Top 10 / secure coding practiceso Web application architecture (APIs, microservices)• Experience integrating security into:o CI/CD pipelines (Azure DevOps, etc)• Familiarity with:o Container security (Docker, Kubernetes)o Open-source scanning (SCA tools)• Programming/scripting knowledge (Java, or similar)• Experience working with developers in an agile environmentNice to Have• Cloud security exposure (Azure preferred)• Experience with IaC security scanning• Certifications (eg, Security+)