Vulnerability Management Engineer – Application Security (Mid-Level)
Company: NTT DATA
Location: Valencia, Spain (100% onsite) OR LATAM (100% remote)
Working Hours: U.S. Eastern Time (9:00 AM – 5:00 PM ET)
About the Role:
NTT DATA is seeking a mid-level Vulnerability Management Engineer to join their global client's team. This role is crucial for identifying, managing, and remediating application vulnerabilities throughout the software development lifecycle, playing a key part in maintaining security posture across web, mobile, and cloud-based applications. The ideal candidate possesses deep technical curiosity and practical experience in vulnerability scanning, security assessments, prioritization, and remediation coordination.
Role Overview:
This position focuses on ensuring the security of applications by managing vulnerabilities from identification to resolution. You will work with a global client, contributing to a robust security framework.
Key Responsibilities:
- Execute and support application vulnerability assessments (SAST, DAST, SCA, manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
- Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm fixes.
- Manage multiple application security initiatives concurrently in a fast-paced environment with strict timelines.
- Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
- Develop and maintain dashboards and reports tracking vulnerability metrics (e.g., severity distribution, remediation SLAs, mean time to remediation (MTTR)).
- Support the integration of security scanning and vulnerability workflows into CI/CD pipelines.
- Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
- Support threat modeling and application risk assessments, focusing on insecure design patterns.
- Participate in high-severity or zero-day vulnerability response activities.
- Provide input into policies and standards related to application and cloud security controls.
Required Qualifications:
- Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related discipline, or equivalent professional experience.
- 5-7 years of relevant experience in application security and/or vulnerability management.
- Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
- Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex vulnerabilities.
- Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
- Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
- Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
- Excellent documentation, communication, and stakeholder engagement skills.
Preferred Qualifications & Certifications:
- Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
- Experience using the ServiceNow platform for vulnerability or incident tracking.
- Proficiency in Azure cloud and Azure DevOps environments.
- Experience using Power BI or similar tools to visualize vulnerability metrics.
Why NTT DATA?
NTT DATA offers unparalleled professional experience and growth in a young, fast-growing company with an innovative and entrepreneurial spirit. We are committed to hiring and retaining a diverse workforce and are an Equal Opportunity/Affirmative Action Employer.