Application Security Vulnerability Engineer

Posted Today by Sriven Systems Inc.

Negotiable
Undetermined
Remote

Summary: The Application Security Vulnerability Engineer will support the operations of a mature vulnerability management program, collaborating with various teams to identify, assess, and remediate vulnerabilities in a diverse technology environment. This role requires strong technical expertise in vulnerability management and effective communication skills to drive action across distributed teams. The position is an individual contributor role with no management responsibilities, operating within a globally distributed team. The ideal candidate will have a solid background in application security and vulnerability management practices.

Salary (Rate): undetermined

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Title: Application Security Vulnerability Engineer

Location: Remote (Preferred: Bethlehem, PA)

Duration: 6 Months

Team: Application Security

Overview

We are seeking a Vulnerability Engineer to join our Application Security team and support the day-to-day operations of a mature vulnerability management program. This individual will work closely with application development, cloud engineering, infrastructure, and security teams to identify, assess, prioritize, and drive remediation of vulnerabilities across a diverse technology environment.

The ideal candidate combines strong technical vulnerability management expertise with the ability to collaborate effectively across distributed teams and communicate risk in a way that enables action. This role is an individual contributor position with no people management responsibilities and will operate as part of a globally distributed team with resources located in both the United States and India.

Key Responsibilities

  • Manage and support vulnerability management activities across applications, cloud environments, containers, and supporting infrastructure.
  • Perform vulnerability analysis, validation, prioritization, and remediation tracking using industry-standard security tools.
  • Partner with application development teams to identify security risks and provide practical remediation recommendations.
  • Analyze findings from application security, cloud security, container security, and external attack surface management platforms.
  • Drive vulnerability lifecycle management from identification through remediation and closure.
  • Support risk-based prioritization efforts by evaluating exploitability, business impact, exposure, and threat intelligence.
  • Collaborate with engineering teams to establish remediation timelines and ensure security findings are addressed appropriately.
  • Monitor and report on vulnerability trends, remediation metrics, and overall program effectiveness.
  • Participate in vulnerability reviews, security assessments, and operational security activities.
  • Assist with improving vulnerability management processes, automation opportunities, and operational efficiencies.
  • Support external security posture monitoring and vendor risk visibility initiatives.

Required Qualifications

  • 5-7 years of experience in Vulnerability Management, Application Security, Security Engineering, or related Cybersecurity disciplines.
  • Strong understanding of vulnerability management frameworks, risk scoring methodologies, and remediation practices.
  • Experience using vulnerability management platforms such as Tenable SaaS.
  • Experience working with modern cloud-native and containerized environments.
  • Familiarity with container security concepts and vulnerability management within Kubernetes, Docker, or similar environments.
  • Experience collaborating directly with software development teams to remediate security findings.
  • Knowledge of common application security vulnerabilities including the OWASP Top 10.
  • Strong understanding of CVEs, CVSS scoring, exploitability analysis, and security risk assessment.
  • Ability to communicate technical findings and risk posture to both technical and non-technical stakeholders.
  • Experience working within globally distributed teams.

Preferred Qualifications

  • Hands-on experience with:
      • Prisma Cloud
      • Snyk
      • SecurityScorecard
      • BitSight
  • Experience supporting cloud environments within AWS, Azure, or Google Cloud Platform.
  • Understanding of Software Development Lifecycle (SDLC) and secure development practices.
  • Familiarity with CI/CD security integrations and DevSecOps methodologies.
  • Experience supporting container security and software supply chain security initiatives.
  • Security certifications such as Security+, GSEC, GCIH, GPEN, CISSP, or comparable credentials.

What Success Looks Like

  • Vulnerabilities are accurately triaged and prioritized based on risk.
  • Application and engineering teams receive actionable remediation guidance.
  • Remediation SLAs are consistently met or exceeded.
  • Security tooling is effectively leveraged to improve visibility and reduce organizational risk.
  • Strong collaboration is maintained across US and India-based security and engineering teams.