At Fluor, we are proud to design and build projects and careers. We are committed to fostering a welcoming and collaborative work environment that encourages big-picture thinking, brings out the best in our employees, and helps us develop innovative solutions that contribute to building a better world together. If this sounds like a culture you would like to work in, you’re invited to apply for this role.
Fluor is a leading government contractor with a proven track record of delivering high‑value technical solutions around the world to U.S. government agencies such as the DOE, NNSA, the Department of Defense and the Intelligence Community.
Job Description
The AppSec / DevSecOps Engineer is responsible for ensuring the security of code development processes and applications, with a focus on both traditional and AI-driven solutions. This position will work closely with internal IT teams, internal customers, and external vendors, contributing to robust security practices and risk management across the organization.
- Define and implement security testing strategies for AI solutions, utilizing both grey box and black box methodologies.
  - Grey Box Testing: Conduct Static Application Security Testing (SAST), dependency scanning, secrets scanning, Infrastructure as Code (IaC) scanning, and configuration reviews.
  - Black Box Testing: Perform Dynamic Application Security Testing (DAST), API fuzzing, authentication testing, and rate-limit tests.
  - AI-Specific Security Tests: Execute prompt injection checks, jailbreaking resistance assessments, tool misuse evaluations, and leakage tests tailored for AI applications.
- Review remediation efforts and verify fixes prior to production deployment.
- Conduct thorough risk assessments of new and existing applications, identifying vulnerabilities and security gaps.
- Analyze and interpret security assessment findings, providing actionable recommendations to mitigate risks.
- Collaborate with software development teams to implement security best practices and ensure secure coding standards.
- Stay current with emerging threats, vulnerabilities, and industry trends, integrating this knowledge into risk assessment processes.
- Participate in security reviews to evaluate and validate the effectiveness of security controls.
- Provide technical guidance and support for incident response efforts related to application security incidents.
- Review and validate contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs).
- Develop and maintain Data Loss Prevention (DLP) policy standards, reusable templates, naming conventions, and engineering runbooks.
Basic Job Requirements
- Accredited four (4) year degree or global equivalent in applicable field of study and five (5) years of work-related experience or a combination of education and directly related experience equal to nine (9) years if non-degreed; some locations may have additional or different qualifications in order to comply with local requirements
- Ability to communicate effectively with audiences that include but are not limited to management, coworkers, clients, vendors, contractors, and visitors
- Job-related technical knowledge necessary to complete the job
- Ability to learn and apply knowledge of applicable local, state/province, and federal/national statutes and guidelines
Preferred Qualifications
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Experience with security testing tools and methodologies (SAST, DAST, dependency scanning, API fuzzing, etc.).
- Familiarity with AI security concerns, including prompt injection and jailbreaking resistance.
- Strong understanding of secure coding practices and application risk assessment.
- Effective communication and collaboration skills for working with cross-functional teams and external partners.
- Ability to develop and maintain technical documentation, policy standards, and runbooks.
- This position will collaborate with internal IT teams, internal customers, and outside vendors.
- Proven experience (5 years) as an IT Security Analyst or similar role, with a focus on application security, Azure Active Directory, conditional access policies, and single sign-on (SSO) configurations
- Ability to effectively adapt to rapidly changing technology and apply it to business needs
- Demonstrated strong technical and non-technical communication skills, both oral and written
- Strong team-oriented interpersonal skills
- Proficiency in scripting or programming languages (e.g., Python, JavaScript, Java) is a plus
- Excellent communication skills to convey complex technical concepts to non-technical stakeholders
- Strong problem-solving skills
- Strong organizational skills and attention to detail, especially concerning note taking when evaluating applications and attending meetings
- Organize and prioritize a variety of projects and multiple tasks in an effective and timely manner, set priorities, and meet deadlines
We are an equal opportunity employer. All qualified individuals will receive consideration for employment without regard to race, color, age, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, genetic information, or any other criteria protected by governing law.
Benefits Statement: Fluor is proud to offer a comprehensive benefits package designed to promote employee health, wellness, and financial security. Our offerings include medical, dental and vision plans, EAP, disability coverage, life insurance, AD&D, voluntary benefit plans, 401(k) with a company match, paid time off (personal, bereavement, sick, holidays) for salaried employees, paid sick leave per state requirement for craft employees, parental leave, and training and development courses.
Market Rate Statement: The market rate for the role is typically at the mid-point of the salary range; however, variations in final salary are determined by additional factors such as the candidate’s qualifications, relevant years of experience, geographic location, internal pay equity, and prevailing market conditions for the specific role.
Notice to Candidates: Background checks are carried out as part of any conditional offer made, including (but not limited to, and depending on the role) education, professional registration, employment, references, passport verifications and Global Watchlist screening.
To be Considered: Candidates must be authorized to work in the country where the position is located.
Salary Range: -