Job Description
We Are Hiring (Canada)
Job Title: Vulnerability Management Specialist – Application Security (Remote, Canada)
Location: Remote (Canada)
Employment Type: Contract
Work Authorization: Open Work Permit (OWP), PR, Canadian Citizen only
Job Description:
The Vulnerability Management Specialist – Application Security is responsible for end-to-end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk-based prioritization, remediation tracking, and posture visibility through ASPM platforms.
Technical Skills
Strong hands-on experience with:
• SAST (e.g., AppScan, Checkmarx, GitHub Advanced Security)
• DAST tools and runtime testing approaches
• SCA / OSS security and dependency risk analysis
Working knowledge of ASPM platforms and vulnerability aggregation.
Understanding of OWASP Top 10, secure coding practices, and application threat models.
Experience
• 8-10+ years of experience in application security or vulnerability management roles.
• Experience supporting enterprise-scale AppSec programs with multiple applications and teams.
Key Responsibilities
• Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc.)
• Hand-off findings to development teams for remediation
• Provide technical remediation assistance to product development teams
• Track and report remediation progress
• Facilitate extension requests for remediation timelines
• Collaborate across teams using JIRA for ticketing and dashboards
• Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, Brinqa is a plus.
• Should have good knowledge of information security areas such as the vulnerability management lifecycle, hardening controls (CIS, NIST), etc.
• Good understanding of information security related fields, including security operations and administration
• Should possess a good understanding of assets, threats and vulnerabilities and their correlation in an organization
• Hands-on experience with a vulnerability prioritization tool; RiskSense or Kenna would be a plus
• Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/3rd parties
• Knowledge of the vulnerability exception management process
• Hands-on experience with vulnerability patching
• Good to have: experience with vulnerability scanning tools like Qualys and Tenable.
👉 Reach out for more information.
Regards,
Mohammed Owais Hussain | Talent Acquisition
Email: Owais@aarorn.com
