Vulnerability Management & Application Security Liaison SPOC

Delan AssociatesIselin / Charlotte(, NC
Hybrid

About The Position

This role serves as the primary point of contact (SPOC) for vulnerability management and application security, focusing on infrastructure and full-stack triage, automation, platform transformation, and cross-functional orchestration. The position involves analyzing infrastructure-adjacent flaws, overseeing containerized security, collaborating on data-layer risks, and cross-referencing application flaws with host and container vulnerabilities to assess runtime risk. Key responsibilities include tracking Internal Developer Platform (IDP) adoption, measuring AI security adoption, governing test automation within CI pipelines, and building dashboards for automation maturity and remediation velocity. The role also involves acting as the SPOC for App Dev, AppSec, and Production Support teams to prioritize and resolve software flaws, enforcing remediation SLAs, governing exception management, and integrating security fixes with Change Management protocols.

Requirements

  • Foundational knowledge of AppSec Tooling: 3+ years managing workflows in Checkmarx (SAST) and Black Duck (SCA).
  • Strong foundational knowledge of Infrastructure Stack: Linux, Windows Server, OpenShift Container Platform (OCP), databases, and middleware technologies.
  • Practical understanding of Modern Engineering Frameworks: Internal Developer Platforms (IDPs) and DevSecOps pipelines.
  • Direct experience tracking or managing test automation frameworks and AI-assisted coding/security tools.

Responsibilities

  • Analyze infrastructure-adjacent flaws by applying a solid understanding of Linux and Windows operating system vulnerabilities.
  • Oversee containerized security within OpenShift Container Platform (OCP), ensuring image scanning findings are triaged effectively.
  • Collaborate on data-layer risk, tracking and managing vulnerabilities related to databases (e.g., Oracle, SQL Server, PostgreSQL) and core middleware components (e.g., Apache, Tomcat, WebSphere).
  • Cross-reference application flaws (Checkmarx/Black Duck) with host-level and container-level vulnerabilities to determine the true, contextual runtime risk.
  • Track IDP Adoption: Partner with Platform Engineering to ensure development squads migrate to the Internal Developer Platform, standardizing secure guardrails.
  • Measure AI Security Adoption: Track and report metrics on how effectively developers utilize AI-driven security companions to triage and fix code flaws.
  • Govern Test Automation: Collaborate with QA and DevOps to embed automated security gates seamlessly into continuous integration pipelines.
  • Continuous Monitoring: Build dashboards that display automation maturity, remediation velocity, and the reduction of manual security operations.
  • Act as the primary SPOC aligning App Dev, AppSec, and Production Support teams to prioritize and resolve software flaws.
  • Enforce remediation SLAs ensuring security patches are delivered according to corporate compliance and risk thresholds.
  • Govern the Exception Management workflow, reviewing developer risk-acceptance requests and documenting temporary business justifications.
  • Integrate security fixes with Change Management protocols (e.g., ServiceNow) to ensure production support stability remains intact during deployments.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service