




Job Summary: Mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle. Key Highlights: 1. Identify and manage application vulnerabilities 2. Security assessments and vulnerability remediation 3. Technical curiosity and hands-on experience in vulnerability analysis Application Security Vulnerability Management Engineer (Mid-Level) Position Purpose We are seeking a mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle (SDLC). This role plays a key part in maintaining our security posture for web, mobile, and cloud-based applications. Ideal candidates will possess deep technical curiosity and practical experience in vulnerability analysis, security assessments, prioritization, and coordination of remediation actions. Responsibilities * Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk. * Validate results from automated scanners, analyze false positives, and track findings through to remediation—including re-verification to confirm effectiveness of fixes. * Manage multiple application security initiatives simultaneously while meeting strict deadlines in a fast-paced environment. * Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood—applying industry best practices (e.g., CVSS scoring). * Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and Mean Time to Remediate (MTTR). * Support integration of security analysis and vulnerability management workflows into CI/CD pipelines, leveraging existing tools and automation. * Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis. * Support threat modeling and application risk assessments, with focus on identifying insecure design patterns. * Participate, as needed, in high-severity or zero-day vulnerability response activities—including impact analysis and coordinated remediation actions. * Contribute to development of policies and standards related to application and cloud security controls. Requirements and Qualifications * Bachelor’s degree in Information Technology, Cybersecurity, Computer Engineering, or related field—or equivalent demonstrable professional experience. * 5–7 years of relevant experience in application security and/or vulnerability management. * Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles. * Proficiency with Burp Suite for manual web and API security testing—including validation of automated findings and identification of complex authentication, authorization, and business logic vulnerabilities. * Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap). * Familiarity with frameworks including NIST, MITRE ATT&CK, and CIS benchmarks. * Programming and scripting proficiency in languages such as Python, Java, .NET, or similar. * Excellent documentation, communication, and stakeholder management skills. Preferred Qualifications * Professional certifications (e.g., Security+, SSCP, GWAPT, or actively pursuing CISSP or OSCP). * Experience with ServiceNow for vulnerability or incident tracking. * Proficiency in Azure Cloud and Azure DevOps environments. * Experience with Power BI or similar tools to visualize vulnerability metrics and remediation trends for both technical and non-technical stakeholders. PTYTECH is an IT staffing firm working to simplify the connection between innovative companies and reliable tech talent. Founded on the basis of providing our clients and candidates confidence in their next hire or career opportunity, our staffing experts work diligently to place IT professionals quickly and at the most affordable cost on the market. Our average placement time of 48-72 hours combined with our very low attrition rate result in lower project deployment costs for our clients. Additionally, we ensure that we vet the organizations that we work with just as thoroughly as we do our candidates, optimizing these professionals for success in their new roles.


