Jobs · Engineering · Missouri

QA Engineer / DevSecOps AnalysT with Security Clearance

CEdge Inc. · St Louis, MO · 2 wk ago
EngineeringFull-time

About the role

The QA Engineer / DevSecOps Analyst owns the quality and security pipeline for all TMS maintenance and programming deliverables. The contract imposes hard security scan obligations—90-day mandatory scans, 10-business-day High-Threat remediation, static scan score maintained at 90 or above—that require a dedicated owner.

Responsibilities

  • Schedule, execute, and report all required 90-day security code scans for critical and external-facing TMS web applications; maintain static scan score ≥ 90 at all times (§2.3.7)
  • Triage scan results: classify vulnerabilities by severity, assign ownership to developers, and track High-Threat remediation to closure within 10 business days (§2.3.7)
  • Operate and maintain the CI/CD pipeline in Azure DevOps: configure build triggers, automated test execution, and gate controls that enforce quality and security standards before merge
  • Develop and maintain automated test suites (unit, integration, regression) for the highest-risk TMS modules; expand coverage during SOW development
  • Execute SOW quality gates: confirm unit, integration, and system test completion; document results with pass/fail criteria; prepare staging packages for MoDOT acceptance
  • Participate in code review from a security and test-coverage perspective; flag testability or security concerns during architecture walkthroughs
  • Track and report security and quality metrics to the Technical Program Manager weekly; produce monthly scan compliance evidence for Program Manager review before invoicing
  • Ensure mirrored workstation environment at CEdge matches MoDOT's security scanning toolchain; coordinate tool updates within 30 days of MoDOT infrastructure change notifications
  • Support ADA/Section 508 accessibility testing for all new and modified web-application deliverables

Requirements

  • Minimum 3 years of software QA, test engineering, or application security experience
  • Hands-on experience with static application security testing (SAST) tools (SonarQube, Veracode, Checkmarx, or equivalent)
  • Experience with CI/CD pipeline configuration in Azure DevOps, Jenkins, or equivalent
  • Experience writing and executing test plans, test cases, and regression suites for .NET web applications
  • Ability to classify and triage CVSS-scored vulnerabilities and communicate remediation priorities to developers
  • Ability to pass MoDOT background check

Qualifications

  • Minimum 1 year of experience similar to MoDOT's technical architecture (.NET, Oracle, Azure DevOps)
  • Experience with OWASP Top 10 and secure coding practices in a .NET context
  • CompTIA Security+, GIAC GWEB, or equivalent security credential
  • Experience with accessibility testing tools for Section 508 compliance (WAVE, axe, NVDA)
  • Missouri residency or St. Louis metro area location
  • Experience managing scan schedules against contractual cadence requirements

Similar jobs