Overview
Salary: $90-92 hourly ($92 / hourly as W2)
Application Security & Remediation Engineer, Remote, $92 / hourly
As an Application Security & Remediation Engineer on our Attack & Pentest team, you will bridge the gap between offensive security discovery and defensive engineering. You won't just find vulnerabilities; you will own the critical process of validating exploitability, calculating real-world business risk, and collaborating directly with engineering teams to ensure effective remediation. This is a highly technical, hands-on role, ideal for an offensive security professional who wants to maximize their impact by ensuring vulnerabilities are not just documented, but permanently resolved.
Core Responsibilities
- Advanced Triage & Exploitation: Review, validate, and replicate incoming vulnerability reports (including internal testing, automated tooling, and crowdsourced programs). Assess severity and business impact, and build clear proof-of-concept (PoC) reproductions.
- Remediation Consultation: Partner closely with application security, DevOps, and engineering teams to provide clear, actionable remediation guidance and architectural context.
- Targeted Retesting: Perform manual and automated validation testing of remediated applications and infrastructure to verify that code fixes are robust and complete.
- Vulnerability Orchestration: Monitor remediation timelines against organizational SLAs, coordinate with development squads to unblock complex fixes, and escalate systemic risks when necessary.
- Data & Metrics: Maintain high-fidelity records within our vulnerability management ecosystem and contribute to executive-level metrics regarding corporate risk posture.
- Strategic Process Improvement: Identify patterns in recurring vulnerabilities to recommend systemic guardrails, CI/CD tooling enhancements, or developer training initiatives to eliminate bug classes at the source.
Required Qualifications
- Experience: 3+ years of hands-on experience in offensive security, penetration testing, or technical application security engineering (web apps, APIs, cloud-native infrastructure).
- Triage Mastery: Proven experience analyzing and prioritizing vulnerabilities at scale using framework methodologies (CVSS, CWE, OWASP Top 10).
- Technical Communication: Exceptional ability to write reproducible PoCs and translate complex cryptographic, logic, or code flaws into clear remediation steps for developers.
- Ecosystem Knowledge: Deep understanding of modern SDLC practices, Git-based workflows, and how security testing integrates into the development lifecycle.
- Tools: Proficient with core offensive testing tooling (e.g., Burp Suite Pro, Caido, Nuclei) and familiarity with ticketing/vulnerability management platforms (e.g., Jira, DefectDojo).
Preferred Qualifications
- Certifications: OSCP, GWAPT, GPEN, BSCP, or equivalent practical offensive security certifications.
- Automation: Scripting capabilities (Python, Bash, Go) to automate routine validation and retesting workflows.
- Cloud & Modern Infrastructure: Foundational security knowledge of cloud environments (AWS/Azure/GCP) and containerized environments (Kubernetes/Docker).
- Industry Experience: Familiarity with securing highly regulated environments (e.g., financial services, healthcare) and handling bug bounty programs.