
Application Security & Remediation Engineer

Skill
United States
Jul 02, 2026
Overview

Placement Type:

Temporary

Salary:

$90-92 Hourly

$92 / hourly as W2

Start Date:

Aug 3, 2026

Application Security & Remediation Engineer

Remote

$92 / hourly

As an Application Security & Remediation Engineer on our Attack & Pentest team, you will bridge the gap between offensive security discovery and defensive engineering. You won't just find vulnerabilities; you will own the critical process of validating exploitability, calculating real-world business risk, and collaborating directly with engineering teams to ensure effective remediation.

This is a highly technical, hands-on role perfect for an offensive security professional who wants to maximize their impact by ensuring vulnerabilities are not just documented, but permanently resolved.


Core Responsibilities

  • Advanced Triage & Exploitation: Review, validate, and replicate incoming vulnerability reports (including internal testing, automated tooling, and crowdsourced programs). Assess severity and business impact, and build clear proof-of-concept (PoC) reproductions.
  • Remediation Consultation: Partner closely with application security, DevOps, and engineering teams to provide clear, actionable remediation guidance and architectural context.
  • Targeted Retesting: Perform manual and automated validation testing of remediated applications and infrastructure to verify that code fixes are robust and complete.
  • Vulnerability Orchestration: Monitor remediation timelines against organizational SLAs, coordinate with development squads to unblock complex fixes, and escalate systemic risks when necessary.
  • Data & Metrics: Maintain high-fidelity records within our vulnerability management ecosystem and contribute to executive-level metrics regarding corporate risk posture.
  • Strategic Process Improvement: Identify patterns in recurring vulnerabilities to recommend systemic guardrails, CI/CD tooling enhancements, or developer training initiatives to eliminate bug classes at the source.


Required Qualifications

  • Experience: 3+ years of hands-on experience in offensive security, penetration testing, or technical application security engineering (web apps, APIs, cloud-native infrastructure).
  • Triage Mastery: Proven experience analyzing and prioritizing vulnerabilities at scale using framework methodologies (CVSS, CWE, OWASP Top 10).
  • Technical Communication: Exceptional ability to write reproducible PoCs and translate complex cryptographic, logic, or code flaws into clear remediation steps for developers.
  • Ecosystem Knowledge: Deep understanding of modern SDLC practices, Git-based workflows, and how security testing integrates into the development lifecycle.
  • Tools: Proficient with core offensive testing tooling (e.g., Burp Suite Pro, Caido, Nuclei) and familiarity with ticketing/vulnerability management platforms (e.g., Jira, DefectDojo).


Preferred Qualifications

  • Certifications: OSCP, GWAPT, GPEN, BSCP, or equivalent practical offensive security certifications.
  • Automation: Scripting capabilities (Python, Bash, Go) to automate routine validation and retesting workflows.
  • Cloud & Modern Infrastructure: Foundational security knowledge of cloud environments (AWS/Azure/GCP) and containerized environments (Kubernetes/Docker).
  • Industry Experience: Familiarity with securing highly regulated environments (e.g., financial services, healthcare) and handling bug bounty programs.
