Application Security Vulnerability Engineer

Remote • Posted 1 hour ago • Updated 1 hour ago
Contract Independent
Contract W2
Remote
Depends on Experience

Job Details

Skills

  • Vulnerability Management
  • Application Security
  • Security Engineering
  • Tenable.io
  • Tenable SaaS
  • CVE
  • CVSS
  • OWASP Top 10
  • Risk Assessment
  • Risk Prioritization
  • Security Operations
  • Cloud Security
  • AWS
  • Azure
  • GCP
  • Container Security
  • Kubernetes
  • Docker
  • Prisma Cloud
  • Snyk
  • SecurityScorecard
  • BitSight
  • DevSecOps
  • CI/CD Security
  • Secure SDLC
  • Software Supply Chain Security
  • Threat Intelligence
  • Security Automation
  • Vulnerability Remediation
  • Security Compliance
  • CISSP
  • Security+
  • GSEC
  • GCIH
  • GPEN

Summary

Title: Application Security Vulnerability Engineer

Location: Remote (Preferred: Bethlehem, PA)

Duration: 6 Months

Team: Application Security

Overview

We are seeking a Vulnerability Engineer to join our Application Security team and support the day-to-day operations of a mature vulnerability management program. This individual will work closely with application development, cloud engineering, infrastructure, and security teams to identify, assess, prioritize, and drive remediation of vulnerabilities across a diverse technology environment.

The ideal candidate combines strong technical vulnerability management expertise with the ability to collaborate effectively across distributed teams and communicate risk in a way that enables action. This role is an individual contributor position with no people management responsibilities and will operate as part of a globally distributed team with resources located in both the United States and India.

Key Responsibilities

  • Manage and support vulnerability management activities across applications, cloud environments, containers, and supporting infrastructure.
  • Perform vulnerability analysis, validation, prioritization, and remediation tracking using industry-standard security tools.
  • Partner with application development teams to identify security risks and provide practical remediation recommendations.
  • Analyze findings from application security, cloud security, container security, and external attack surface management platforms.
  • Drive vulnerability lifecycle management from identification through remediation and closure.
  • Support risk-based prioritization efforts by evaluating exploitability, business impact, exposure, and threat intelligence.
  • Collaborate with engineering teams to establish remediation timelines and ensure security findings are addressed appropriately.
  • Monitor and report on vulnerability trends, remediation metrics, and overall program effectiveness.
  • Participate in vulnerability reviews, security assessments, and operational security activities.
  • Assist with improving vulnerability management processes, automation opportunities, and operational efficiencies.
  • Support external security posture monitoring and vendor risk visibility initiatives.

Required Qualifications

  • 5-7 years of experience in Vulnerability Management, Application Security, Security Engineering, or related Cybersecurity disciplines.
  • Strong understanding of vulnerability management frameworks, risk scoring methodologies, and remediation practices.
  • Experience using vulnerability management platforms such as / Tenable SaaS.
  • Experience working with modern cloud-native and containerized environments.
  • Familiarity with container security concepts and vulnerability management within Kubernetes, Docker, or similar environments.
  • Experience collaborating directly with software development teams to remediate security findings.
  • Knowledge of common application security vulnerabilities including the OWASP Top 10.
  • Strong understanding of CVEs, CVSS scoring, exploitability analysis, and security risk assessment.
  • Ability to communicate technical findings and risk posture to both technical and non-technical stakeholders.
  • Experience working within globally distributed teams.

Preferred Qualifications

  • Hands-on experience with:
      • Prisma Cloud
      • Snyk
      • SecurityScorecard
      • BitSight
  • Experience supporting cloud environments within AWS, Azure, or Google Cloud Platform.
  • Understanding of Software Development Lifecycle (SDLC) and secure development practices.
  • Familiarity with CI/CD security integrations and DevSecOps methodologies.
  • Experience supporting container security and software supply chain security initiatives.
  • Security certifications such as Security+, GSEC, GCIH, GPEN, CISSP, or comparable credentials.

What Success Looks Like

  • Vulnerabilities are accurately triaged and prioritized based on risk.
  • Application and engineering teams receive actionable remediation guidance.
  • Remediation SLAs are consistently met or exceeded.
  • Security tooling is effectively leveraged to improve visibility and reduce organizational risk.
  • Strong collaboration is maintained across US and India-based security and engineering teams.

  • Dice Id: 10238807
  • Position Id: 8989513
Contact the job poster

Anil Shaho

QA @ Sriven Systems Inc.