Role: Application Security Engineer - Vulnerability Operations (Mid-Level)
Location: NJ/TX/NC - Hybrid
Role Summary:
The Application Security Engineer supports and enhances enterprise-wide vulnerability management and secure-development processes. This role works closely with engineering teams and the Application Security Champion community to operationalize AppSec controls, improve scan coverage, triage vulnerabilities, and guide remediation across applications. The engineer also contributes to automation, governance workflows, and continuous improvement initiatives within the Vulnerability Operations program.
Key Responsibilities:
Application Security Operations
Execute and improve SAST, DAST, SCA, and secrets-scanning workflows across CI/CD pipelines.
Analyze and triage vulnerabilities; coordinate remediation with product teams and Application Security Champions.
Ensure accurate tracking and SLA adherence using ServiceNow AVR workflows.
AppSec Champion & Engineering Coordination
Partner with the Application Security Champion team to share best practices, communicate emerging vulnerabilities, and strengthen decentralized security maturity.
Support Champions in understanding new control requirements and tool adoption.
Automation & CI/CD Integration
Implement and refine CI/CD pipeline integrations for application security scanning tools.
Contribute to policy-as-code rules, scanning templates, and automation scripts to improve efficiency.
Assist in enabling Tier 3 gating (merge prevention/build failures) for high-risk policy violations.
Governance, Reporting & Visibility
Maintain dashboards, risk indicators, and quarterly migration trackers.
Provide weekly operational summaries and support preparation of executive-level reports.
Participate in risk review discussions, providing clear documentation of impacts and mitigations.
Required Qualifications & Skills:
Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
4 to 6 years of experience in Application Security, Vulnerability Management, or secure software development.
Working knowledge of modern vulnerability classes (OWASP Top 10, API Security Top 10, supply chain risks).
Hands-on experience with SAST, DAST, SCA, or related security scanning tools integrated into CI/CD pipelines.
Familiarity with SDLC processes and secure coding principles.
Experience using workflow/ticketing systems (ServiceNow, JIRA).
Strong interpersonal and communication skills for working with engineering teams and AppSec Champions.
Preferred Qualifications:
Experience with ServiceNow AVR automation or dashboarding.
Scripting experience (Python, Bash, PowerShell) for automation and tooling improvements.
Background in cloud-native environments (AWS, Azure, or GCP).
Certifications such as GWAPT, CSSLP, Security+, or equivalent.