Key skills
Application securityDynamic Application Security Testing (DAST)PythonAWSAzureNIST 800-53HIPAASOC IIGDPRFedRAMPRESTful APIsPostmanSwaggerPublic Trust clearanceQualysTenableRESTfulLeadershipOWASP
About this role
Solventum is a new healthcare company focused on improving lives through innovative solutions. They are looking for an Application Security Engineer to enhance the security of their healthcare information systems and manage vulnerabilities in applications, ensuring compliance with industry standards.
Responsibilities:
- Operating and enhancing application security tool environments
- Authoring automation scripts for reoccurring tasks (Python preferred)
- Setup and execute authenticated and unauthenticated dynamic application security testing (DAST) scans against web applications and APIs using approved tools
- Manage scan scheduling, configuration, and coverage across application security tool environments
- Tune scanning profiles to reduce false positives and improve detection accuracy
- Ensure DAST scanning aligns with release cycles and risk-based scanning requirements
- Validate DAST findings to confirm exploitability and business impact
- Categorize vulnerabilities using industry standards (e.g., OWASP Top 10)
- Prioritize findings based on risk, application criticality, and exposure
- Eliminate false positives and duplicate findings prior to developer handoff
- Partner with development and platform teams to explain DAST findings and remediation expectations
- Track remediation progress and verify fixes through re‑scanning or targeted validation
- Maintain accurate vulnerability records in enterprise tracking systems
- Escalate overdue or high‑risk vulnerabilities in accordance with policy
- Working with application teams to validate that software applications meet security guidelines and compliance standards such as HIPPA, SOC II, GDPR, NIST 800-53, FedRAMP, etc
- Building solutions that collect and present vulnerability and compliance data to Solventum’s leadership
Requirements:
- Bachelor's Degree & 7 years of experience application security
- 3 years' experience administering, running, and analyzing DAST tools
- Knowledgeable with AWS or Azure cloud environments
- Familiarity with best practice software security requirements in industry standard compliance programs (NIST, HITRUST, FedRAMP, etc.)
- Experience developing or testing RESTful APIs with an understanding of Postman and/or Swagger files
- Ability to obtain and maintain a Public Trust clearance
- Experience administering Qualys or Tenable vulnerability management and application security modules
- Experience in working across multiple teams and disciplines
- Strong attention to detail and analytical skills
- Risk-based prioritization and sound judgment