Posted at: 29 April

Vulnerability Management Specialist – Application Security

Company

Aarorn Technologies Inc

Aarorn Technologies Inc. is a Guelph, ON-based B2B SaaS firm specializing in Intelligent Process Automation and managed RPA services for industries such as banking and telecom.

Job Type

Contract

Allowed Applicant Locations

Canada

Job Description

Role: Vulnerability management (Remote, Canada)
Location: Remote (Canada)
Employment Type: Contract
Work Authorization: Open Work Permit (OWP), PR, Canadian Citizen only

Mandatory skills for vulnerability management: we are looking for a candidate with the key skills below.

For AppSec, we need hands-on experience in the areas below, not only tool-based experience.

AppSec:

Web Application Security 

Mobile Application Security

API Security

SAST (Static Application Security Testing), SCA (Software Composition Analysis)

Vulnerability Management lifecycle

VM: Risk Assessment & Prioritization
Ability to assess vulnerabilities based on risk, not just severity—considering CVSS scores, exploitability, asset criticality, business impact, and threat intelligence to prioritize remediation effectively.

Vulnerability Scanning & Tool Proficiency
Hands-on expertise with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, OpenVAS) and the ability to interpret scan results accurately, reduce false positives, and tune scans for different environments.

Patch & Remediation Management
Strong coordination skills to drive timely patching and mitigation—working with IT, cloud, DevOps, and application teams to remediate vulnerabilities while minimizing operational and business disruption.

Reporting & Stakeholder Communication
Ability to translate technical vulnerability data into clear, actionable reports for different audiences (engineers, management, auditors), including dashboards, trends, SLAs, and risk narratives.

Compliance & Continuous Improvement
Knowledge of security frameworks and standards and the skill to embed vulnerability management into continuous security processes, audits, and metrics-driven improvement.

Job Description:

Summary

The Vulnerability Management Specialist – Application Security is responsible for end-to-end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk-based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Technical Skills

Strong hands-on experience with:

• SAST (e.g., AppScan, Checkmarx, GitHub Advanced Security)

• DAST tools and runtime testing approaches

• SCA / OSS security and dependency risk analysis

Working knowledge of ASPM platforms and vulnerability aggregation.

Understanding of OWASP Top 10, secure coding practices, and application threat models.

Soft Skills:

• Must be from a global support background.

• Strong documentation, presentation, and communication skills

Experience

• 8-10+ years of experience in application security or vulnerability management roles.

• Experience supporting enterprise-scale AppSec programs with multiple applications and teams.

Key Responsibilities

• Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc.)

• Hand off findings to development teams for remediation

• Provide technical remediation assistance to product development teams

• Track and report remediation progress

• Facilitate extension requests for remediation timelines

• Collaborate across teams using JIRA for ticketing and dashboards

• Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, or Brinqa is a plus.

• Should have good knowledge of information security areas such as the vulnerability management lifecycle, hardening controls (CIS, NIST), etc.

• Good understanding of information security-related fields, including security operations and administration

• Should possess a good understanding of assets, threats and vulnerabilities and their correlation in an organization

• Good understanding of vulnerability reports from tools like Qualys, Tenable, etc.

• Hands-on experience with a vulnerability prioritization tool; RiskSense or Kenna would be a plus

• Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/3rd parties

• Knowledge of the vulnerability exception management process

• Strong practical knowledge of presenting vulnerability remediation tracking updates to management

• Hands-on experience with vulnerability patching

• Should have good customer-handling skills

• Good to have: experience with vulnerability scanning tools like Qualys and Tenable.