Vulnerability Management Engineer – Application Security (Mid-Level)

Remote from
LATAM
Annual salary
Undisclosed
Employment type
Full Time
Job posted
Apply before
5 Jul 2026
Experience level
Midweight

About NTT DATA

Trusted Global Innovator with Human-Centric Approach

Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

NTT Data is seeking a mid-level Vulnerability Management Engineer for Application Security, responsible for identifying and remediating application vulnerabilities across web, mobile, and cloud environments. The role involves executing SAST/DAST/SCA assessments, false positive analysis, and coordinating remediation efforts. Candidates need 5-7 years of experience with tools like Burp Suite, Fortify, and SonarQube, and a strong understanding of OWASP Top 10. The position is onsite in Valencia, Spain or remote in LATAM, working US Eastern Time hours. This is a fast-paced role requiring collaboration with development teams to integrate security into CI/CD pipelines.

Role DNA

Job Complexity: scale from Easy to Hard
Pace & Pressure: scale from Relaxed to Fast-paced
Autonomy Level: scale from Guided to Full Ownership
Communication Load: scale from Independent to Highly Collaborative

AI Insight: The role requires 5-7 years of experience and deep technical expertise in application security, including vulnerability assessments and remediation coordination, making it challenging but not the hardest level.

Salary Analysis

US Market median: $130,000
Typical range: $100k – $160k

AI Insight: The offered salary is not provided, but based on US market rates for a mid-level Application Security Engineer, the median is around $130,000. The typical range is $100,000 to $160,000, depending on experience and location. This role may offer competitive compensation for the right candidate.

Key Skills

Vulnerability Management, Application Security, SAST, DAST, Burp Suite, OWASP Top 10, CVSS, CI/CD, Threat Modeling, Secure Coding

I am excited to apply for the Vulnerability Management Engineer position at NTT Data. With 6 years of experience in application security and a strong background in vulnerability assessments using Burp Suite, Fortify, and SonarQube, I am confident in my ability to manage and remediate application vulnerabilities effectively.

  • I have successfully executed SAST and DAST scans, performed false positive analysis, and coordinated remediation with development teams.
  • My experience with CI/CD integration and threat modeling aligns with your requirements for enhancing security posture.
  • I am eager to contribute to NTT Data's global security initiatives and work in a fast-paced environment.

Thank you for considering my application. I look forward to discussing how my skills can benefit your team.

How do you prioritize vulnerabilities when you have multiple findings with different severity levels?
I prioritize based on a combination of CVSS score, exploitability, business impact, and exposure. For example, a critical vulnerability in a public-facing API would be addressed before a high in an internal tool. I also consider compensating controls and the likelihood of exploitation.
Describe your experience with integrating security scanning into CI/CD pipelines.
I have integrated SAST and SCA tools into Jenkins and GitLab CI pipelines, ensuring scans run automatically on each commit. I also set up quality gates to fail builds if critical vulnerabilities are found, and worked with developers to triage and fix issues quickly.
Explain how you would handle a false positive in a vulnerability scan.
I would verify the finding by manually testing the endpoint, reviewing the code, and checking if any compensating controls exist. If confirmed as a false positive, I document the reasoning and suppress the finding in the scanner, ensuring it is re-evaluated periodically.
What is your approach to threat modeling for a new application?
I use the STRIDE model to identify threats early. I start by mapping data flows, trust boundaries, and assets. Then I identify potential threats like spoofing or tampering, and propose mitigations. This helps in designing secure architecture from the start.
Can you describe a time you remediated a high-severity vulnerability and the steps you took?
I once found a SQL injection vulnerability in a legacy web app. I coordinated with the developers to apply parameterized queries, tested the fix with Burp Suite, and added WAF rules as a temporary measure. The vulnerability was closed within 48 hours, and I updated the secure coding guidelines.

NTT DATA is a team of more than 139,000 diverse professionals operating in more than 50 countries worldwide. Our sectors of activity include telecommunications, finance, industry, utilities, energy, public administration, and health.

Our mission? Offer technological solutions, business, strategy, development, and application maintenance while being a benchmark in consulting. Thanks to the collaboration between teams, the human quality of our people, and the fact that we do not conform to what is established, we always seek innovation that brings us closer to the future.

Our essence has led us to the forefront of technology, breaking paradigms and providing solutions that truly respond to each client’s needs. Our talent has led us to be one of the top six technology companies in the world.

Because #Greattech, needs #GreatPeople, like you

NTT Data seeks high-achieving team players who quickly adapt to new challenges and entrepreneurial ventures. We are looking for a Vulnerability Engineer to work with our global client onsite in Valencia, Spain OR remote in LATAM.

Location: Valencia, Spain or LATAM – if in Valencia, Spain will be 100% onsite, if in LATAM will be 100% remote
Working Hours: U.S. Eastern Time (9:00 AM – 5:00 PM ET)

Role Overview

We are seeking a mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle. This role plays a key part in maintaining our security posture across web, mobile, and cloud-based applications. Ideal candidates will have deep technical curiosity and practical experience with vulnerability scanning, security assessments, prioritization, and coordination of remediation efforts.

Key Responsibilities

  • Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
  • Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
  • Manage multiple application security initiatives concurrently while meeting strict timelines in a fast‑paced environment.
  • Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
  • Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR).
  • Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
  • Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
  • Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns.
  • Participate in high‑severity or zero‑day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
  • Provide input into policies and standards related to application and cloud security controls.

Required Qualifications

  • Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or related discipline—or equivalent professional experience.
  • 5-7 years of relevant experience in application security and/or vulnerability management.
  • Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
  • Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business‑logic vulnerabilities.
  • Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
  • Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
  • Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
  • Excellent documentation, communication, and stakeholder engagement skills.

Preferred Qualifications & Certifications

  • Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
  • Experience using the ServiceNow platform for vulnerability or incident tracking.
  • Proficiency in Azure cloud and Azure DevOps environments.
  • Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.

Why NTT Data? 

Empowerment and rewards are the cornerstone of our career development model. We are a young, fast-growing company with a highly innovative and entrepreneurial spirit; because of this, professional experience and growth will be unmatched. Our talent and positive attitude allow us to transform our goals into achievements, and projects into realities.

NTT Data is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NTT Data is an Equal Opportunity Employer Male/Female/Disabled/Veteran and a VEVRAA Federal Contractor.


This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.
