Role: IAM Engineer (ASM - Attack Surface Management - Scanning) L2
Location: Somerset, New Jersey
Security ISRM IAM ASM
Summary
We are seeking a technically strong Vulnerability Management Analyst / Engineer to lead vulnerability identification, prioritization, and remediation across infrastructure, web applications, and cloud environments. This role combines hands-on scanning, threat-informed prioritization, and cross-functional remediation coordination to reduce risk and improve time to remediation.
Experience
- 5 years of vulnerability management, application security, or penetration testing experience preferred.
Key Responsibilities
- Lead the end-to-end vulnerability management lifecycle: discovery, validation, risk-based prioritization, remediation coordination, and remediation verification.
- Execute vulnerability assessments across on-premises, cloud (AWS, Azure, GCP), containerized infrastructure, and web application environments to maintain comprehensive asset coverage and risk visibility.
- Perform and validate infrastructure, application, and dynamic web testing (DAST), including manual verification of OWASP Top 10 and SANS Top 25 vulnerabilities (e.g. SQLi, XSS, CSRF, SSRF, IDOR, auth bypass) using industry-standard tools (Tenable, Wiz, Qualys, Rapid7, Burp Suite, OWASP ZAP).
- Apply threat-informed prioritization using CVSS, EPSS, CISA advisories, exploit intelligence, and business impact to reduce critical risk and mean time to remediation (MTTR).
- Operate, tune, and optimize vulnerability scanning platforms, asset discovery, and reporting pipelines to ensure accurate coverage and actionable findings.
- Partner with Infrastructure, Engineering, DevOps, Application, Cloud, Threat Intelligence, and Automation teams to drive remediation, establish secure baselines, and respond to zero-day or imminent threats.
- Produce and present technical and executive-level reports, dashboards, and metrics highlighting remediation SLAs, risk reduction, and program maturity.
- Contribute to security best practices, secure coding standards, threat modeling, and risk assessments for application and infrastructure initiatives.
- Stay current on emerging vulnerabilities, attack techniques, and vulnerability management tooling to continuously improve program effectiveness.
Required Qualifications & Skills
- Proven experience identifying, validating, and remediating vulnerabilities across web applications, networks, systems, and cloud environments.
- Hands-on proficiency with VM assessment and application security tools such as Tenable (Nessus/VMDR), Wiz, Qualys, Rapid7, Burp Suite, OWASP ZAP, Checkmarx, Veracode, InsightAppSec.
- Familiarity with vulnerability prioritization frameworks and metrics (OWASP Top 10, SANS Top 25, CVSS, EPSS/CISA).
- Strong analytical, problem-solving, and written/verbal communication skills, with the ability to translate technical findings to business stakeholders.
Preferred
- Relevant certifications: OSCP, GWAPT, CEH, CSSLP, or equivalent.
- Experience with penetration testing, exploit development, or application security architecture reviews.
- Knowledge of regulatory and compliance frameworks (PCI DSS, GDPR, HIPAA, CIS, NIST, ISO).
- Experience with external exposure monitoring and third-party risk tools (Shodan, SSLScan, SecurityScorecard, BitSight).
- Demonstrated success driving scale-ready VM processes, SLAs, and executive reporting.
- Conduct cloud-native and container vulnerability scanning and embed security controls and testing into CI/CD pipelines.
- Strong manual testing skills for web application vulnerabilities and exploit validation.
- Basic to intermediate programming/scripting skills (Python required/preferred; also PowerShell, Bash; familiarity with JavaScript, Java, or C# a plus).