Vulnerability Management Specialist – Application Security

Remote

Contract

Senior

Remote, Canada

Information SecuritySecurity EngineeringCybersecurityApplication SecurityAppSeccanadaDashboardsGitHubprioritizationsastskilltrackingvulnerabilityVulnerability Managementvulnerability scanning

Job description

Role: Vulnerability management (Remote, Canada)

Location: Remote (Canada)

Employment Type: Contract

Work Authorization: Open Work Permit (OWP), PR, Canadian Citizen only

Mandatory skills for vulnerability management we are looking for the candidate having below key skills:

Regarding skills for appsec. We need below hands-on experience and not only tool based.

AppSec:

Web Application Security

Mobile Application Security

API Security

SAST (Static Application Security Testing), SCA (Software Composition Analysis)

Vulnerability Management lifecycle

VM: Risk Assessment & Prioritization
Ability to assess vulnerabilities based on risk, not just severity—considering CVSS scores, exploitability, asset criticality, business impact, and threat intelligence to prioritize remediation effectively.

Vulnerability Scanning & Tool Proficiency
Hands-on expertise with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, OpenVAS) and the ability to interpret scan results accurately, reduce false positives, and tune scans for different environments.

Patch & Remediation Management
Strong coordination skills to drive timely patching and mitigation—working with IT, cloud, DevOps, and application teams to remediate vulnerabilities while minimizing operational and business disruption.

Reporting & Stakeholder Communication
Ability to translate technical vulnerability data into clear, actionable reports for different audiences (engineers, management, auditors), including dashboards, trends, SLAs, and risk narratives.

Compliance & Continuous Improvement
Knowledge of security frameworks and standards and the skill to embed vulnerability management into continuous security processes, audits, and metrics-driven improvement.

Job Description:

"Summary

The Vulnerability Management Specialist – Application Security is responsible for end to end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Technical Skills

Strong hands on experience with:

SAST (e.g., AppScan, Check Marx, GitHub Advanced Security)
DAST tools and runtime testing approaches
SCA / OSS security and dependency risk analysis

Working knowledge of ASPM platforms and vulnerability aggregation.

Understanding of OWASP Top 10, secure coding practices, and application threat models.

Soft Skills:

Must be from global support background.
Strong documentation, presentation, and communication skills

Experience

8-10 + years of experience in application security or vulnerability management roles.
Experience supporting enterprise scale AppSec programs with multiple applications and teams.

Key -Responsibilities

Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc)
Hand-off findings to development teams for remediation
Provide technical remediation assistance to product development teams
Track and report remediation progress
Facilitate extension requests for remediation timelines
Collaborate across teams using JIRA for ticketing and dashboards
Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, Brinqa a plus.
Should have good knowledge of information security areas as Vulnerability Management Lifecycle, hardening controls (CIST, NIST) etc.
Good understanding of information security related fields, including security operations and administration
Should possess good understanding of assets, threats and vulnerabilities and their correlation in an organization
Good understanding of vulnerability reports from tools like Qualys/ Tenable etc.
Hands on experience on vulnerability prioritization tool, RiskSense or Kenna would be a plus
Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/ 3rd parties
Knowledge on vulnerability exception management process
Strong practical knowledge on presenting vulnerability remediation tracking updates to the management
Hands on experience on vulnerability patching
Should have a good customer handling skill
Good to have Experience on vulnerability scanning tools Like Qualys and Tenable.

Good match

We match every vacancy against your profile and show a fit score — so you instantly know which ones are worth applying to. Sign up and create a resume — it's free.

Not enough data to estimate a salary range for this role in this region yet.