Job Title: Application Security Vulnerability Assessment Engineer
Location: Brooklyn, NY 11201
Duration: 2-year contract
Position Overview
A large enterprise organization is seeking an experienced Application Security Vulnerability Assessment Engineer to identify, validate, and provide remediation guidance for vulnerabilities across a diverse application portfolio. This role focuses on operating and fine-tuning SAST/DAST tools to establish high-fidelity security baselines, performing manual validation of findings, and delivering actionable remediation guidance to development teams. The position also includes leading knowledge transfer sessions to upskill internal staff on application security best practices.
Scope of Services
The Engineer will be responsible for maintaining continuous application security coverage by leveraging automated and manual assessment techniques. The role requires deep technical expertise in vulnerability assessment, strong communication skills to partner effectively with development teams, and the ability to produce defensible, audit-ready security documentation.
Key Responsibilities
Operate and maintain industry-standard SAST/DAST tools (e.g., AppScan, Veracode, Burp Suite)
Scope application assessments by identifying critical components, integrations, and APIs
Configure and fine-tune scan profiles to reduce false positives and ensure consistent, high-quality results
Manage the full lifecycle of authenticated and unauthenticated security scans, including scheduling and profile management
Validate automated findings through manual testing and exploit reproduction
Document false positives with detailed root-cause analysis and technical justification
Identify recurring vulnerability patterns and systemic architectural weaknesses
Produce clear, defensible vulnerability reports with technical evidence and executive-level summaries
Prioritize remediation efforts by correlating technical severity, business criticality, and data sensitivity
Partner with development teams to translate security findings into actionable remediation requirements
Provide prescriptive coding and design-level mitigation guidance
Recommend and implement compensating controls when direct remediation is not immediately feasible
Lead technical walkthroughs and working sessions to reduce time-to-fix
Conduct structured knowledge transfer sessions to train internal teams on assessment methodologies and security best practices
Mandatory Skills & Experience
Note: Candidates who do not meet the mandatory requirements will not be considered.
Minimum of 12 years of hands-on experience in Application Security Vulnerability Assessment or Penetration Testing
Advanced knowledge of OWASP Top 10 and NIST 800-53
Practical experience configuring and operating SAST/DAST tools (AppScan, Veracode, Burp Suite)
Proven ability to clearly explain technical vulnerabilities and provide design-level remediation guidance
Strong proficiency with CVSS scoring to align technical severity with business impact and data sensitivity
Desirable Skills & Experience
Experience assessing cloud-native applications, APIs, and microservices (AWS, Azure, GCP)
Strong understanding of Agile and SDLC processes
Advanced manual testing skills to validate automated findings and identify complex business logic flaws
Experience working in large, complex enterprise or public-sector environments
For more details reach at
About Navitas Partners LLC: It is a certified WBENC and one of the fastest-growing Technical / IT staffing firms in the US, providing services to numerous clients. We offer the most competitive pay for every position. We understand this is a partnership. You will not be blindsided, and your salary will be discussed upfront.
Required Experience:
IC