
Vulnerability Management Specialist (Application Security)

Aarorn Technologies Inc
Canada (Remote)
Contract
4,500 – 5,000 / year
AI tools:
GitHub Advanced Security
Applications go directly to the hiring team

Full Description

Job Title: Vulnerability Management Specialist (Application Security)

Location: Canada (Remote)

Employment Type: Contract

Pay Rate: CAD$45 - $50/HR INC

Job Description

The Vulnerability Management Specialist (Application Security) is responsible for end-to-end management of application security vulnerabilities across the SDLC using SAST, DAST, and SCA tools, with a strong focus on risk-based prioritization, remediation tracking, and posture visibility through ASPM platforms.

Technical Skills

Strong hands-on experience with

* SAST (e.g., AppScan, Checkmarx, GitHub Advanced Security)

* DAST tools and runtime testing approaches

* SCA / OSS security and dependency risk analysis

* Working knowledge of ASPM platforms and vulnerability aggregation.

* Understanding of OWASP Top 10, secure coding practices, and application threat models.

Soft Skills

* Must be from a global support background.

* Strong documentation, presentation, and communication skills

Experience

* 8-10+ years of experience in application security or vulnerability management roles.

* Experience supporting enterprise-scale AppSec programs with multiple applications and teams.

Key Responsibilities

* Interpret findings across SAST, SCA, Secrets, API and Mobile scanning (tools like GitHub Advanced Security, Traceable, etc.)

* Hand-off findings to development teams for remediation

* Provide technical remediation assistance to product development teams

* Track and report remediation progress

* Facilitate extension requests for remediation timelines

* Collaborate across teams using JIRA for ticketing and dashboards

* Familiarity with RBVM/ASPM tools like ArmorCode, Seemplicity, or Brinqa is a plus.

* Should have good knowledge of information security areas such as the Vulnerability Management Lifecycle and hardening controls (CIS, NIST).

* Good understanding of information security related fields, including security operations and administration

* Should possess a good understanding of assets, threats and vulnerabilities and their correlation in an organization

* Good understanding of vulnerability reports from tools like Qualys, Tenable, etc.

* Hands-on experience with a vulnerability prioritization tool; RiskSense or Kenna would be a plus

* Strong practical knowledge of vulnerability remediation tracking across infrastructure, applications, and teams/third parties

* Knowledge of the vulnerability exception management process

* Strong practical knowledge of presenting vulnerability remediation tracking updates to management

* Hands-on experience with vulnerability patching

* Should have good customer-handling skills

* Good to have: experience with vulnerability scanning tools like Qualys and Tenable.

Mandatory skills for vulnerability management: we are looking for a candidate with the following key skills:

* AppSec

* Web Application Security

* Mobile Application Security

* API Security

* SAST (Static Application Security Testing), SCA (Software Composition Analysis)

* Vulnerability Management lifecycle

VM: Risk Assessment & Prioritization

Ability to assess vulnerabilities based on risk, not just severity, considering CVSS scores, exploitability, asset criticality, business impact, and threat intelligence to prioritize remediation effectively.

Vulnerability Scanning & Tool Proficiency

Hands-on expertise with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, OpenVAS) and the ability to interpret scan results accurately, reduce false positives, and tune scans for different environments.

Patch & Remediation Management

Strong coordination skills to drive timely patching and mitigation, working with IT, cloud, DevOps, and application teams to remediate vulnerabilities while minimizing operational and business disruption.

Reporting & Stakeholder Communication

Ability to translate technical vulnerability data into clear, actionable reports for different audiences (engineers, management, auditors), including dashboards, trends, SLAs, and risk narratives.

Compliance & Continuous Improvement

Knowledge of security frameworks and standards and the skill to embed vulnerability management into continuous security processes, audits, and metrics-driven improvement.

Disclaimer: AI tools may assist in the recruitment process; however, all hiring decisions are made by the recruitment team based on a comprehensive evaluation of candidates.
