Vulnerability Management Specialist – Application Security

Remote
Contracted
Experienced

Role: Vulnerability management (Remote, Canada)
Location: Remote (Canada)
Employment Type: Contract
Work Authorization: Open Work Permit (OWP), PR, Canadian Citizen only

Mandatory skills for vulnerability management: we are looking for a candidate with the key skills below.

For AppSec, we need hands-on experience in the areas below, not only tool-based experience.

AppSec:

Web Application Security 

Mobile Application Security

API Security

SAST (Static Application Security Testing), SCA (Software Composition Analysis)

Vulnerability Management lifecycle

VM: Risk Assessment & Prioritization
Ability to assess vulnerabilities based on risk, not just severity—considering CVSS scores, exploitability, asset criticality, business impact, and threat intelligence to prioritize remediation effectively.

Vulnerability Scanning & Tool Proficiency
Hands-on expertise with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, OpenVAS) and the ability to interpret scan results accurately, reduce false positives, and tune scans for different environments.

Patch & Remediation Management
Strong coordination skills to drive timely patching and mitigation—working with IT, cloud, DevOps, and application teams to remediate vulnerabilities while minimizing operational and business disruption.

Reporting & Stakeholder Communication
Ability to translate technical vulnerability data into clear, actionable reports for different audiences (engineers, management, auditors), including dashboards, trends, SLAs, and risk narratives.

Compliance & Continuous Improvement
Knowledge of security frameworks and standards and the skill to embed vulnerability management into continuous security processes, audits, and metrics-driven improvement.

Job Description:

Summary

The Vulnerability Management Specialist – Application Security is responsible for end-to-end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk-based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Technical Skills

Strong hands-on experience with:

• SAST (e.g., AppScan, Checkmarx, GitHub Advanced Security)

• DAST tools and runtime testing approaches

• SCA / OSS security and dependency risk analysis

Working knowledge of ASPM platforms and vulnerability aggregation.

Understanding of OWASP Top 10, secure coding practices, and application threat models.

Soft Skills:

• Must be from a global support background.

• Strong documentation, presentation, and communication skills

Experience

• 8-10+ years of experience in application security or vulnerability management roles.

• Experience supporting enterprise-scale AppSec programs with multiple applications and teams.

Key Responsibilities

• Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc.)

• Hand off findings to development teams for remediation

• Provide technical remediation assistance to product development teams

• Track and report remediation progress

• Facilitate extension requests for remediation timelines

• Collaborate across teams using JIRA for ticketing and dashboards

• Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, Brinqa a plus.

• Should have good knowledge of information security areas such as the Vulnerability Management Lifecycle, hardening controls (CIS, NIST), etc.

• Good understanding of information security related fields, including security operations and administration

• Should possess a good understanding of assets, threats and vulnerabilities and their correlation in an organization

• Good understanding of vulnerability reports from tools like Qualys, Tenable, etc.

• Hands-on experience with a vulnerability prioritization tool; RiskSense or Kenna would be a plus

• Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams / 3rd parties

• Knowledge of the vulnerability exception management process

• Strong practical knowledge of presenting vulnerability remediation tracking updates to management

• Hands-on experience with vulnerability patching

• Should have good customer-handling skills

• Good to have: experience with vulnerability scanning tools like Qualys and Tenable.
