# Vulnerability Management Engineer – Application Security (Mid-Level)

Remote from[LATAM](https://jobicy.com/job-region/latam.md)Annual salary Undisclosed Salary information is not provided for this position.
Check our [Salary Directory](https://jobicy.com/salaries.md) to estimate the average compensation for similar roles.Department  [Software Engineering](https://jobicy.com/categories/engineering.md) Employment type Full Time, Job posted5 Jun 2026Apply before5 Jul 2026Experience level  Midweight
Views / Applies 5089 / 710 [About company](https://jobicy.com/company/ntt-data.md) [Share](#share)

About [NTT DATA](https://jobicy.com/company/ntt-data.md)

Trusted Global Innovator with Human-Centric Approach

*

[Information Technology & Services](https://jobicy.com/company-category/information-technology-services.md)
*  1967

Actively Hiring  Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance.       Tailor Resume Check Job Fit Cover Letter

### Tailor my resume to this job

Discover how to best rewrite and optimize your resume for this specific job. You'll receive personalized suggestions and detailed guidance to highlight your key strengths, effectively address the job requirements, and make your application more compelling to recruiters and hiring managers.     After analyzing your resume, I can provide several recommendations to better position yourself for this role.  Your background in software development shows strong technical skills, particularly in Java and Python development. However, for this Senior Backend Developer position, I notice there could be more emphasis on your experience with microservices architecture and cloud technologies, which are key requirements for this role. I recommend highlighting specific projects where you utilized these technologies and quantifying your achievements to demonstrate impact... Upgrade to Plus

### Am I a good fit for this job?

Understand your compatibility with this specific job opportunity. Our detailed analysis will assess your resume against the role's requirements, providing insights into your potential fit, key skill alignments, and areas you might need to develop to be a strong candidate.     After assessing your resume against the job requirements, here's a summary of your fit:  1. Overall Match: Moderate Fit (Approx. 65-70%). Your resume shows good alignment with several core responsibilities for the Project Manager role, especially your experience in agile methodologies and stakeholder communication.
2. Key Strengths: Your PMP certification and proven track record in delivering projects on time are strong assets for this position.
3. Potential Gap: The role specifies experience with 'XYZ specific software', which is not explicitly mentioned in your resume. If you have this experience, ensure it's highlighted.
4. Recommendation: Consider adding a quantifiable achievement related to budget management, as this is often a key metric for PM roles... Upgrade to Plus

### Cover Letter Assistant

Need help writing a compelling cover letter? Our system can analyze this job and your resume to help you draft personalized paragraphs that highlight your strengths and impress hiring managers.      Let me help you draft a strong opening...  Dear Hiring Manager, I am writing to express my keen interest in the Senior Marketing Manager position. My background in developing data-driven marketing strategies and leading successful product launches, as detailed in my resume, directly aligns with your need for a candidate capable of enhancing brand visibility and driving market share growth. I am confident I can make a significant contribution to your team... Upgrade to Plus

###  AI Summary

NTT Data is seeking a mid-level Vulnerability Management Engineer for Application Security, responsible for identifying and remediating application vulnerabilities across web, mobile, and cloud environments. The role involves executing SAST/DAST/SCA assessments, false positive analysis, and coordinating remediation efforts. Candidates need 5-7 years of experience with tools like Burp Suite, Fortify, and SonarQube, and a strong understanding of OWASP Top 10. The position is onsite in Valencia, Spain or remote in LATAM, working US Eastern Time hours. This is a fast-paced role requiring collaboration with development teams to integrate security into CI/CD pipelines.

### Role DNA

Job Complexity Easy Hard Pace & Pressure Relaxed Fast-paced Autonomy Level Guided Full Ownership Communication Load Independent Highly Collaborative

AI Insight The role requires 5-7 years of experience and deep technical expertise in application security, including vulnerability assessments and remediation coordination, making it challenging but not the hardest level.

### Salary Analysis

Median  Highly Competitive  $130,000US Market $100k – 160k 0 $176k      AI Insight The offered salary is not provided, but based on US market rates for a mid-level Application Security Engineer, the median is around $130,000. The typical range is $100,000 to $160,000, depending on experience and location. This role may offer competitive compensation for the right candidate.

### Core Skills Required

[Vulnerability Management](https://jobicy.com/jobs?search_keywords=Vulnerability+Management.md) [Application Security](https://jobicy.com/jobs?search_keywords=Application+Security.md) [SAST](https://jobicy.com/jobs?search_keywords=SAST.md) [DAST](https://jobicy.com/jobs?search_keywords=DAST.md) [Burp Suite](https://jobicy.com/jobs?search_keywords=Burp+Suite.md) [OWASP Top 10](https://jobicy.com/jobs?search_keywords=OWASP+Top+10.md) [CVSS](https://jobicy.com/jobs?search_keywords=CVSS.md) [CI/CD](https://jobicy.com/jobs?search_keywords=CICD.md) [Threat Modeling](https://jobicy.com/jobs?search_keywords=Threat+Modeling.md) [Secure Coding](https://jobicy.com/jobs?search_keywords=Secure+Coding.md)

### Cover Letter Sample

I am excited to apply for the Vulnerability Management Engineer position at NTT Data. With 6 years of experience in application security and a strong background in vulnerability assessments using Burp Suite, Fortify, and SonarQube, I am confident in my ability to manage and remediate application vulnerabilities effectively.

* I have successfully executed SAST and DAST scans, performed false positive analysis, and coordinated remediation with development teams.
* My experience with CI/CD integration and threat modeling aligns with your requirements for enhancing security posture.
* I am eager to contribute to NTT Data's global security initiatives and work in a fast-paced environment.

Thank you for considering my application. I look forward to discussing how my skills can benefit your team.

Copy

### Sample Interview Questions

How do you prioritize vulnerabilities when you have multiple findings with different severity levels?I prioritize based on a combination of CVSS score, exploitability, business impact, and exposure. For example, a critical vulnerability in a public-facing API would be addressed before a high in an internal tool. I also consider compensating controls and the likelihood of exploitation.Describe your experience with integrating security scanning into CI/CD pipelines.I have integrated SAST and SCA tools into Jenkins and GitLab CI pipelines, ensuring scans run automatically on each commit. I also set up quality gates to fail builds if critical vulnerabilities are found, and worked with developers to triage and fix issues quickly.Explain how you would handle a false positive in a vulnerability scan.I would verify the finding by manually testing the endpoint, reviewing the code, and checking if any compensating controls exist. If confirmed as a false positive, I document the reasoning and suppress the finding in the scanner, ensuring it is re-evaluated periodically.What is your approach to threat modeling for a new application?I use the STRIDE model to identify threats early. I start by mapping data flows, trust boundaries, and assets. Then I identify potential threats like spoofing or tampering, and propose mitigations. This helps in designing secure architecture from the start.Can you describe a time you remediated a high-severity vulnerability and the steps you took?I once found a SQL injection vulnerability in a legacy web app. I coordinated with the developers to apply parameterized queries, tested the fix with Burp Suite, and added WAF rules as a temporary measure. The vulnerability was closed within 48 hours, and I updated the secure coding guidelines.  Vulnerability Management Engineer – Application Security (Mid-Level)

NTT DATA is a team of more than 139,000 diverse professionals operating in more than 50 countries worldwide. Our sectors of activity include telecommunications, finance, industry, utilities, energy, public administration, and health.

Our mission? Offer technological solutions, business, strategy, development, and application maintenance while being a benchmark in consulting. Thanks to the collaboration between teams, the human quality of our people, and the fact that we do not conform to what is established, we always seek innovation that brings us closer to the future.

Our essence has led us to the forefront of technology, breaking paradigms and providing solutions that truly respond to each client’s needs. Our talent has led us to be one of the top six technology companies in the world.

Because #Greattech, needs #GreatPeople, like you

NTT Data seeks high-achieving team players who quickly adapt to new challenges and entrepreneurial ventures. We are looking fora Vulnerability Engineer to work with our global client onsite in Valencia, Spain OR remote in LATAM.

Location: Valencia, Spain or LATAM – if in Valencia, Spain will be 100% onsite, if in LATAM will be 100% remote
Working Hours: U.S. Eastern Time (9:00 AM – 5:00 PM ET)

Role Overview

We are seeking a mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle. This role plays a key part in maintaining our security posture across web, mobile, and cloud-based applications. Ideal candidates will have deep technical curiosity and practical experience with vulnerability scanning, security assessments, prioritization, and coordination of remediation efforts.

Key Responsibilities

* Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
* Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
* Manage multiple application security initiatives concurrently while meeting strict timelines in a fast‑paced environment.
* Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
* Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR).
* Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
* Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
* Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns.
* Participate in high‑severity or zero‑day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
* Provide input into policies and standards related to application and cloud security controls.

Required Qualifications

* Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or related discipline—or equivalent professional experience.
* 5-7 years of relevant experience in application security and/or vulnerability management.
* Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
* Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business‑logic vulnerabilities.
* Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
* Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
* Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
* Excellent documentation, communication, and stakeholder engagement skills.

Preferred Qualifications & Certifications

* Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
* Experience using the ServiceNow platform for vulnerability or incident tracking.
* Proficiency in Azure cloud and Azure DevOps environments.
* Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.

Why NTT Data?

Empowerment and rewards are the cornerstone of our career development model. We are a young, fast-growing company, with a highly innovative and entrepreneurial spirit, because of this professional experience and growth will be unmatched. Our talent and positive attitude allow us to transform our goals into achievements, and projects into realities.

NTT Data is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NTT Data is an Equal Opportunity Employer Male/Female/Disabled/Veteran and a VEVRAA Federal Contractor.

Show more

[Apply now >](https://jobicy.com/jobs/145564-vulnerability-management-engineer-application-security-mid-level.md)

>  Annual salary information is not provided for this position. Explore salary ranges for similar roles in our [Salary Directory ›](https://jobicy.com/salaries.md)

*

![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+)

### Upload your resume now

To unlock remote work opportunities and be discovered by global employers.

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

## How to apply

## See a few more

Similar Software Engineering remote jobs

*
![TechMagic logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/09/3015c753-221.png)

TechMagic

[Middle Strong General QA (with AI)](https://jobicy.com/jobs/145122-middle-strong-general-qa-with-ai.md)

We are looking for a Middle strong General QA Engineer with 3+ years of experience to join a distributed product team and take ownership of quality across the full testing…

![Ukraine flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ua.svg)
UA•Full TimeNEW*
![Cision logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/08/e9661342-221.jpeg)

Cision

[Software Developer II](https://jobicy.com/jobs/145141-software-developer-ii.md)

At Cision, we believe in empowering every individual to make an impact. Here, your voice is heard, your ideas are valued, and your unique perspective fuels our collective success….

![Canada flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ca.svg)
CA•Full TimeCAD 96,395-110k/year*
![Aviatrix logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/c783b38c-221.jpeg)

Aviatrix

[MTS Cloud Test](https://jobicy.com/jobs/145145-mts-cloud-test.md)

WHO WE ARE: Aviatrix® is pioneering the Cloud Native Security Fabric — the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeNEW*
![Truelogic logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e7ae6cb6-221-1.png)

Truelogic

[Senior Full-stack Engineer (React OR Vue/Python) – Investment (Latam)](https://jobicy.com/jobs/146283-senior-full-stack-engineer-react-or-vue-python-investment-latam.md)

About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of…

![LATAM flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/latam.svg)
LATAM•Full TimeNEW*
![Zartis logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/9bd0869f-221.webp)

Zartis

[Senior Platform Engineer](https://jobicy.com/jobs/148224-senior-platform-engineer.md)

The company and our mission: Zartis is a global AI transformation and technology consulting partner where talented engineers and technologists work on cutting edge innovation. We partner with ambitious organizations…

![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg)
EU•Full TimeNEW*
![NBCUniversal logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/836510d4-221-2.jpg)

NBCUniversal

[Data Engineer, Engineering & Operations](https://jobicy.com/jobs/148199-data-engineer-engineering-operations.md)

Company DescriptionNBCUniversal is one of the world’s leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 115k-145k/year*
![Lingraphica logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2021/12/0ebd0674d0b000a5783705e1b9ae1dd7.png)

Lingraphica

[Software Engineer – Unity](https://jobicy.com/jobs/148197-software-engineer-unity.md)

Company DescriptionLingraphica is a mission-driven organization that provides speech-generating devices to help improve communication, speech, and quality of life for people with communication impairments. Lingraphica is a leader in augmentative and alternative communication…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 84k-97,400/year*
![Veeam Software logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/f7716b71-221.jpg)

Veeam Software

[Software Developer in Test (JavaScript)](https://jobicy.com/jobs/144087-software-developer-in-test-javascript-2.md)

Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI…

![Poland flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/pl.svg)
PL•Full TimeNEW*
![Aviatrix logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/c783b38c-221.jpeg)

Aviatrix

[Senior Solutions Architect – ACE](https://jobicy.com/jobs/148145-senior-solutions-architect-ace.md)

WHO WE ARE: Aviatrix® is pioneering the Cloud Native Security Fabric — the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 121,829-143,328/year*
![Chainguard logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e4b6aacf-221.jpeg)

Chainguard

[Engineering Manager, Internal Developer Platform](https://jobicy.com/jobs/148144-engineering-manager-internal-developer-platform.md)

Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations…

![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg)
US•Full TimeUSD 205k-230k/year
[More Jobs](https://jobicy.com/jobs.md)