About The Position

The Vulnerability Management Specialist – Application Security is responsible for end-to-end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk-based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Requirements

  • Web Application Security
  • Mobile Application Security
  • API Security
  • SAST (Static Application Security Testing)
  • SCA (Software Composition Analysis)
  • Risk Assessment & Prioritization: Ability to assess vulnerabilities based on risk, not just severity—considering CVSS scores, exploitability, asset criticality, business impact, and threat intelligence to prioritize remediation effectively.
  • Vulnerability Scanning & Tool Proficiency: Hands-on expertise with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, OpenVAS) and the ability to interpret scan results accurately, reduce false positives, and tune scans for different environments.
  • Patch & Remediation Management: Strong coordination skills to drive timely patching and mitigation—working with IT, cloud, DevOps, and application teams to remediate vulnerabilities while minimizing operational and business disruption.
  • Reporting & Stakeholder Communication: Ability to translate technical vulnerability data into clear, actionable reports for different audiences (engineers, management, auditors), including dashboards, trends, SLAs, and risk narratives.
  • Compliance & Continuous Improvement: Knowledge of security frameworks and standards and the skill to embed vulnerability management into continuous security processes, audits, and metrics-driven improvement.
  • Strong hands-on experience with SAST (e.g., AppScan, Checkmarx, GitHub Advanced Security)
  • DAST tools and runtime testing approaches
  • SCA / OSS security and dependency risk analysis
  • Working knowledge of ASPM platforms and vulnerability aggregation.
  • Understanding of OWASP Top 10, secure coding practices, and application threat models.
  • Must be from a global support background.
  • Strong documentation, presentation, and communication skills
  • 8-10+ years of experience in application security or vulnerability management roles.
  • Experience supporting enterprise scale AppSec programs with multiple applications and teams.
  • Good knowledge of information security areas such as the Vulnerability Management Lifecycle, hardening controls (CIS, NIST), etc.
  • Good understanding of information security-related fields, including security operations and administration
  • Should possess a good understanding of assets, threats and vulnerabilities and their correlation in an organization
  • Good understanding of vulnerability reports from tools like Qualys/Tenable, etc.
  • Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/third parties
  • Knowledge of the vulnerability exception management process
  • Should have good customer-handling skills

Nice To Haves

  • Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, Brinqa is a plus.
  • Hands-on experience with a vulnerability prioritization tool such as RiskSense or Kenna would be a plus.
  • Experience with vulnerability scanning tools like Qualys and Tenable is good to have.

Responsibilities

  • Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc.)
  • Hand-off findings to development teams for remediation
  • Provide technical remediation assistance to product development teams
  • Track and report remediation progress
  • Facilitate extension requests for remediation timelines
  • Collaborate across teams using JIRA for ticketing and dashboards
  • Present vulnerability remediation tracking updates to management
  • Hands-on experience with vulnerability patching