Jobs · Analyst

Application Security & Remediation Engineer [211229]

Aquent · Canton, OH · 4 days ago
RemoteRemoteAnalyst$92/hrContract

Core Responsibilities

  • Review, validate, and replicate incoming vulnerability reports (including internal testing, automated tooling, and crowdsourced programs).
  • Assess severity and business impact, and build clear proof-of-concept (PoC) reproductions.
  • Partner closely with application security, DevOps, and engineering teams to provide clear, actionable remediation guidance and architectural context.
  • Perform manual and automated validation testing of remediated applications and infrastructure to verify that code fixes are robust and complete.
  • Maintain high-fidelity records within our vulnerability management ecosystem and contribute to executive-level metrics regarding corporate risk posture.
  • Identify patterns in recurring vulnerabilities to recommend systemic guardrails, CI/CD tooling enhancements, or developer training initiatives to eliminate bug classes at the source.

Required Qualifications

  • Experience: 3+ years of hands-on experience in offensive security, penetration testing, or technical application security engineering (web apps, APIs, cloud-native infrastructure).
  • Triage Mastery: Proven experience analyzing and prioritizing vulnerabilities at scale using framework methodologies (CVSS, CWE, OWASP Top 10).
  • Technical Communication: Exceptional ability to write reproducible PoCs and translate complex cryptographic, logic, or code flaws into clear remediation steps for developers.
  • Ecosystem Knowledge: Deep understanding of modern SDLC practices, Git-based workflows, and how security testing integrates into the development lifecycle.
  • Tools: Proficient with core offensive testing tooling (e.g., Burp Suite Pro, Caido, Nuclei) and familiarity with ticketing/vulnerability management platforms (e.g., Jira, DefectDojo).

Preferred Qualifications

  • Certifications: OSCP, GWAPT, GPEN, BSCP, or equivalent practical offensive security certifications.
  • Automation: Scripting capabilities (Python, Bash, Go) to automate routine validation and retesting workflows.
  • Cloud & Modern Infrastructure: Foundational security knowledge of cloud environments (AWS/Azure/GCP) and containerized environments (Kubernetes/Docker).
  • Industry Experience: Familiarity with securing highly regulated environments (e.g., financial services, healthcare) and handling bug bounty programs.

Similar jobs