Vulnerability Management Engineer – Application Security (Mid-Level)

About NTT DATA

NTT DATA is a global leader with over 139,000 diverse professionals operating in more than 50 countries. We specialize in providing technological solutions, business consulting, strategy, development, and application maintenance across various sectors including telecommunications, finance, industry, utilities, energy, public administration, and health. Our mission is to be a benchmark in consulting by offering innovative solutions that anticipate the future, driven by the collaboration of our teams and the quality of our people. Recognized as one of the top six technology companies worldwide, we believe that #Greattech needs #GreatPeople.

We are seeking high-achieving, adaptable team players for a Vulnerability Engineer role to work with our global client.

Role Overview

This mid-level engineering position focuses on identifying, managing, and remediating application vulnerabilities throughout the software development lifecycle. You will play a crucial role in maintaining our security posture across web, mobile, and cloud-based applications. The ideal candidate possesses deep technical curiosity and practical experience in vulnerability scanning, security assessments, prioritization, and coordinating remediation efforts.

Location

• Valencia, Spain: 100% onsite
• LATAM: 100% remote

Working Hours

U.S. Eastern Time (9:00 AM – 5:00 PM ET)

Key Responsibilities

• Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
• Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
• Manage multiple application security initiatives concurrently while meeting strict timelines in a fast-paced environment.
• Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
• Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR).
• Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
• Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
• Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns.
• Participate in high-severity or zero-day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
• Provide input into policies and standards related to application and cloud security controls.

Required Qualifications

• Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related discipline—or equivalent professional experience.
• 5-7 years of relevant experience in application security and/or vulnerability management.
• Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
• Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business-logic vulnerabilities.
• Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
• Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
• Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
• Excellent documentation, communication, and stakeholder engagement skills.

Preferred Qualifications & Certifications

• Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
• Experience using the ServiceNow platform for vulnerability or incident tracking.
• Proficiency in Azure cloud and Azure DevOps environments.
• Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.

Why NTT Data?

At NTT Data, empowerment and rewards are central to our career development model. As a young, fast-growing company with a highly innovative and entrepreneurial spirit, you can expect unparalleled professional experience and growth. Our talent and positive attitude enable us to transform goals into achievements and projects into realities.

NTT Data is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NTT Data is an Equal Opportunity Employer Male/Female/Disabled/Veteran and a VEVRAA Federal Contractor.