Job Description
Job Title: Vulnerability Management Engineer – Application Security (Mid-Level)
Basic Purpose: We are seeking a mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle. This role plays a key part in maintaining our security posture across web, mobile, and cloud-based applications. Ideal candidates will have deep technical curiosity and practical experience with vulnerability scanning, security assessments, prioritization, and coordination of remediation efforts.
Responsibilities
• Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
• Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
• Manage multiple application security initiatives concurrently while meeting strict timelines in a fast paced environment.
• Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
• Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR).
• Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
• Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
• Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns.
• Participate in high‑severity or zero‑day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
• Provide input into policies and standards related to application and cloud security controls.
Qualifications and Education Requirements
• Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or related discipline—or equivalent professional experience.
• 5-7 years of relevant experience in application security and/or vulnerability management.
• Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
• Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business‑logic vulnerabilities.
• Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
• Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
• Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
• Excellent documentation, communication, and stakeholder engagement skills.
Desired Skills
• Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
• Experience using the ServiceNow platform for vulnerability or incident tracking.
• Proficiency in Azure cloud and Azure DevOps environments.
• Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.
͏
Areas of responsibility
Monitoring and Incident Detection-Analyse attack trends and correlate logs across systems to identify advance threats. Enhance monitoring processes and implement improvements for faster detection, to ensure compliance with security frameworks and regulatory standards.
Incident Handling and Analysis-Perform root cause analysis, create incident response plans and implement disaster recovery measures to minimize business disruption
Threat Assessment and Analytics-Undertake forensic analysis using advanced analytics tools and implement mitigation measures to align with compliance requirements.
Stakeholder Coordination and Audit Assistance-"Liaise with cross functional teams, external vendors and auditors to ensure compliance with security frameworks.
Maintain audit documentation and ensure its accuracy while implementing processes that support audit readiness and continuous compliance."
Training and Awareness-Assist in creating and delivering cybersecurity awareness sessions, including guidance on phishing and malicious emails.
͏
͏
͏
Experience: 5-8 Years .
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.