Cyber Security Specialist

L3: Vulnerability Management Specialist

Summary

The Vulnerability Management Specialist – Application Security is responsible for end‑to‑end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk‑based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Technical Skills

Strong hands‑on experience with:

• SAST (e.g., AppScan, Check Marx, GitHub Advanced Security)
• DAST tools and runtime testing approaches
• SCA / OSS security and dependency risk analysis

Working knowledge of ASPM platforms and vulnerability aggregation.

Understanding of OWASP Top 10, secure coding practices, and application threat models.

Soft Skills:

• Must be from global support background.
• Strong documentation, presentation, and communication skills

Experience

• 8-10 + years of experience in application security or vulnerability management roles.
• Experience supporting enterprise‑scale AppSec programs with multiple applications and teams.

Key -Responsibilities

• Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc)
• Hand-off findings to development teams for remediation
• Provide technical remediation assistance to product development teams
• Track and report remediation progress
• Facilitate extension requests for remediation timelines
• Collaborate across teams using JIRA for ticketing and dashboards
• Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, Brinqa a plus.
• Should have good knowledge of information security areas as Vulnerability Management Lifecycle, hardening controls (CIST, NIST) etc.
• Good understanding of information security related fields, including security operations and administration
• Should possess good understanding of assets, threats and vulnerabilities and their correlation in an organization
• Good understanding of vulnerability reports from tools like Qualys/ Tenable etc.
• Hands on experience on vulnerability prioritization tool, RiskSense or Kenna would be a plus
• Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/ 3rd parties
• Knowledge on vulnerability exception management process
• Strong practical knowledge on presenting vulnerability remediation tracking updates to the management
• Hands on experience on vulnerability patching
• Should have a good customer handling skill
• Good to have Experience on vulnerability scanning tools Like Qualys and Tenable.