NTT DATA is a global team of over 139,000 professionals delivering innovative technological solutions across various sectors. They are looking for a mid-level Vulnerability Management Engineer to manage application vulnerabilities throughout the software development lifecycle, ensuring the security posture of web, mobile, and cloud-based applications.
Responsibilities:
- Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk
- Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes
- Manage multiple application security initiatives concurrently while meeting strict timelines in a fast-paced environment
- Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring)
- Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR)
- Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation
- Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis
- Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns
- Participate in high-severity or zero-day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed
- Provide input into policies and standards related to application and cloud security controls
Requirements:
- Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or a related discipline, or equivalent professional experience
- 5-7 years of relevant experience in application security and/or vulnerability management
- Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles
- Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business-logic vulnerabilities
- Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap)
- Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks
- Programming/scripting proficiency in languages and platforms such as Python, Java, C#/.NET, or similar
- Excellent documentation, communication, and stakeholder engagement skills
- Professional certifications (e.g., Security+, SSCP, or GWAPT), or progress toward CISSP or OSCP
- Experience using the ServiceNow platform for vulnerability or incident tracking
- Proficiency in Azure cloud and Azure DevOps environments
- Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders