Jobgether on behalf of a partner company

Vulnerability Management Engineer – Application Security (Mid-Level)

🕐 8 days ago 📍 Brazil 🌍 Remote
Applications closed

Accountabilities:

  • Execute and support application security assessments (SAST, DAST, SCA, and manual testing) to identify and validate vulnerabilities across applications.
  • Analyze and triage security findings, including false-positive identification and risk-based prioritization using frameworks such as CVSS.
  • Track vulnerabilities through remediation cycles, perform retesting, and ensure effective resolution of security issues.
  • Collaborate with development and DevOps teams to integrate security scanning tools into CI/CD pipelines and improve automation.
  • Develop dashboards and reports to monitor vulnerability metrics, SLAs, MTTR, and overall security posture.
  • Support threat modeling, risk assessments, and secure design reviews to prevent insecure architecture patterns.
  • Participate in incident response activities for critical vulnerabilities, including zero-day scenarios when required.
  • Provide security recommendations, documentation, and guidance to improve application and cloud security controls.

Requirements:

  • 5–7 years of experience in application security, vulnerability management, or related cybersecurity roles.
  • Strong understanding of OWASP Top 10, secure coding practices, and application security principles.
  • Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and similar security tools.
  • Ability to perform manual security testing of web applications and APIs, including authentication and authorization analysis.
  • Familiarity with security frameworks such as NIST, MITRE ATT&CK, and CIS benchmarks.
  • Proficiency in scripting or programming (e.g., Python, Java, .NET, or similar).
  • Experience working with CI/CD environments and DevSecOps practices.
  • Strong communication, documentation, and stakeholder collaboration skills.
  • Experience with ServiceNow, Azure/Azure DevOps, or vulnerability reporting tools is a plus.
  • Security certifications (e.g., Security+, GWAPT, SSCP, OSCP, CISSP in progress) are considered an advantage.

Benefits:

  • Competitive compensation aligned with experience and market standards.
  • Remote work flexibility for candidates based in LATAM, or onsite opportunity in Valencia, Spain.
  • Exposure to global enterprise-scale security environments and modern cloud technologies.
  • Opportunity to work on high-impact application security initiatives across international teams.
  • Career development support within a large, innovation-driven technology organization.
  • Access to continuous learning opportunities and professional certification growth.
  • Inclusive and diverse work culture with strong emphasis on equal opportunity.
