Application Security & Remediation Engineer [211229]
Aquent · Canton, OH · 4 days ago
RemoteRemoteAnalyst$92/hrContract
Core Responsibilities
- Review, validate, and replicate incoming vulnerability reports (including internal testing, automated tooling, and crowdsourced programs).
- Assess severity and business impact, and build clear proof-of-concept (PoC) reproductions.
- Partner closely with application security, DevOps, and engineering teams to provide clear, actionable remediation guidance and architectural context.
- Perform manual and automated validation testing of remediated applications and infrastructure to verify that code fixes are robust and complete.
- Maintain high-fidelity records within our vulnerability management ecosystem and contribute to executive-level metrics regarding corporate risk posture.
- Identify patterns in recurring vulnerabilities to recommend systemic guardrails, CI/CD tooling enhancements, or developer training initiatives to eliminate bug classes at the source.
Required Qualifications
- Experience: 3+ years of hands-on experience in offensive security, penetration testing, or technical application security engineering (web apps, APIs, cloud-native infrastructure).
- Triage Mastery: Proven experience analyzing and prioritizing vulnerabilities at scale using framework methodologies (CVSS, CWE, OWASP Top 10).
- Technical Communication: Exceptional ability to write reproducible PoCs and translate complex cryptographic, logic, or code flaws into clear remediation steps for developers.
- Ecosystem Knowledge: Deep understanding of modern SDLC practices, Git-based workflows, and how security testing integrates into the development lifecycle.
- Tools: Proficient with core offensive testing tooling (e.g., Burp Suite Pro, Caido, Nuclei) and familiarity with ticketing/vulnerability management platforms (e.g., Jira, DefectDojo).
Preferred Qualifications
- Certifications: OSCP, GWAPT, GPEN, BSCP, or equivalent practical offensive security certifications.
- Automation: Scripting capabilities (Python, Bash, Go) to automate routine validation and retesting workflows.
- Cloud & Modern Infrastructure: Foundational security knowledge of cloud environments (AWS/Azure/GCP) and containerized environments (Kubernetes/Docker).
- Industry Experience: Familiarity with securing highly regulated environments (e.g., financial services, healthcare) and handling bug bounty programs.