Vulnerability Management Engineer – Application Security (Mid-Level)
NTT DATA · LATAM
Job Description
NTT DATA is a global team of over 139,000 professionals operating in more than 50 countries. We are a leading technology company dedicated to providing innovative solutions across various sectors including telecommunications, finance, industry, utilities, energy, public administration, and health. Our mission is to offer cutting-edge technological solutions, business strategies, and application maintenance, setting benchmarks in consulting through collaboration, quality people, and a drive for innovation.
We are seeking a motivated and adaptable Vulnerability Management Engineer to join our global client team. This role can be based in Valencia, Spain (100% onsite) or remotely in LATAM.
Working Hours: 9:00 AM – 5:00 PM U.S. Eastern Time (ET)
Role Overview
As a mid-level engineer, you will be instrumental in identifying, managing, and remediating application vulnerabilities throughout the software development lifecycle. You will play a crucial role in maintaining the security posture of our web, mobile, and cloud-based applications. The ideal candidate possesses deep technical curiosity and practical experience in vulnerability scanning, security assessments, prioritization, and coordinating remediation efforts.
Key Responsibilities
- Execute and support application vulnerability assessments, including SAST, DAST, SCA, and manual code reviews, ensuring findings are accurate, actionable, and relevant to application risk.
- Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
- Manage multiple application security initiatives concurrently, meeting strict timelines in a fast-paced environment.
- Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, utilizing industry best practices such as CVSS scoring.
- Develop and maintain dashboards and reports to track vulnerability metrics, including severity distribution, remediation Service Level Agreements (SLAs), and Mean Time To Remediation (MTTR).
- Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
- Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
- Support threat modeling and application risk assessments, with a focus on identifying insecure design patterns.
- Participate in high-severity or zero-day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
- Provide input into policies and standards related to application and cloud security controls.
Requirements
- Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related discipline, or equivalent professional experience.
- 5-7 years of relevant experience in application security and/or vulnerability management.
- Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
- Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business-logic vulnerabilities.
- Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
- Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
- Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
- Excellent documentation, communication, and stakeholder engagement skills.
Preferred Qualifications & Certifications
- Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
- Experience using the ServiceNow platform for vulnerability or incident tracking.
- Proficiency in Azure cloud and Azure DevOps environments.
- Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.
Why NTT DATA?
At NTT DATA, empowerment and rewards are central to our career development model. As a fast-growing company with a highly innovative and entrepreneurial spirit, we offer unmatched professional experience and growth opportunities. Our talent and positive attitude enable us to transform goals into achievements and projects into realities.
NTT DATA is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer.