About The Position

A large enterprise organization is seeking an experienced Application Security Vulnerability Assessment Engineer to identify, validate, and provide remediation guidance for vulnerabilities across a diverse application portfolio. This role focuses on operating and fine-tuning SAST/DAST tools to establish high-fidelity security baselines, performing manual validation of findings, and delivering actionable remediation guidance to development teams. The position also includes leading knowledge transfer sessions to upskill internal staff on application security best practices. The Engineer will be responsible for maintaining continuous application security coverage by leveraging automated and manual assessment techniques. The role requires deep technical expertise in vulnerability assessment, strong communication skills to partner effectively with development teams, and the ability to produce defensible, audit-ready security documentation.

Requirements

  • Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessment, or Penetration Testing
  • Advanced knowledge of OWASP Top 10 and NIST 800-53
  • Practical experience configuring and operating SAST/DAST tools (AppScan, Veracode, Burp Suite)
  • Proven ability to clearly explain technical vulnerabilities and provide design-level remediation guidance
  • Strong proficiency with CVSS scoring to align technical severity with business impact and data sensitivity

Nice To Haves

  • Experience assessing cloud-native applications, APIs, and microservices (AWS, Azure, GCP)
  • Strong understanding of Agile and SDLC processes
  • Advanced manual testing skills to validate automated findings and identify complex business logic flaws
  • Experience working in large, complex enterprise or public-sector environments

Responsibilities

  • Operate and maintain industry-standard SAST/DAST tools (e.g., AppScan, Veracode, Burp Suite)
  • Scope application assessments by identifying critical components, integrations, and APIs
  • Configure and fine-tune scan profiles to reduce false positives and ensure consistent, high-quality results
  • Manage the full lifecycle of authenticated and unauthenticated security scans, including scheduling and profile management
  • Validate automated findings through manual testing and exploit reproduction
  • Document false positives with detailed root-cause analysis and technical justification
  • Identify recurring vulnerability patterns and systemic architectural weaknesses
  • Produce clear, defensible vulnerability reports with technical evidence and executive-level summaries
  • Prioritize remediation efforts by correlating technical severity, business criticality, and data sensitivity
  • Partner with development teams to translate security findings into actionable remediation requirements
  • Provide prescriptive coding and design-level mitigation guidance
  • Recommend and implement compensating controls when direct remediation is not immediately feasible
  • Lead technical walkthroughs and working sessions to reduce time-to-fix
  • Conduct structured knowledge transfer sessions to train internal teams on assessment methodologies and security best practices
© 2024 Teal Labs, Inc