Vulnerability Management Engineer – Application Security (Mid-Level)

Required Qualifications

• Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or related discipline—or equivalent professional experience.
• 5-7 years of relevant experience in application security and/or vulnerability management.
• Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
• Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business‑logic vulnerabilities.
• Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
• Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
• Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
• Excellent documentation, communication, and stakeholder engagement skills.
• Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
• Experience using the ServiceNow platform for vulnerability or incident tracking.
• Proficiency in Azure cloud and Azure DevOps environments.
• Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.