This job has closed.

IS3 Solutions · 17 hours ago

Cyber Command Application Security Vulnerability Assessment Engineer

Brooklyn, NY

Full-time

Onsite

Senior Level, Lead/Staff

12+ years exp

IS3 Solutions is seeking an Application Security Vulnerability Assessment Engineer to join their team. The role focuses on performing technical scanning and testing activities within the Software Security Assurance Program, identifying and remediating vulnerabilities across the organization's application portfolio.

Cyber SecurityData CenterInformation TechnologyIT Infrastructure

Responsibilities

Operate and maintain industry-standard SAST/DAST tooling, including HCL AppScan, Veracode, and Burp Suite, to ensure continuous security coverage

Scope application assessments by identifying all critical components and APIs required to establish a comprehensive security baseline

Configure and fine-tune scan profiles and parameters to eliminate noise, reduce false positives, and ensure repeatable, high-fidelity results

Manage the full lifecycle of authenticated and unauthenticated scans, including the coordination of application profiles, security profiles, and automated schedules

Validate automated scanner findings through manual testing and exploit reproduction to confirm technical impact

Document false positives with detailed root-cause analysis and technical justification for audit trails

Identify recurring vulnerability patterns and systemic architectural weaknesses across application portfolios

Generate defensible vulnerability reports that include step-by-step evidence for engineering teams and high-level summaries for management

Prioritize remediation efforts by correlating technical severity with business criticality and data sensitivity

Partner with development teams to translate complex security findings into clear, actionable technical requirements that can be easily ingested into their remediation workflows

Prescribe specific coding guidance and design-level mitigations to resolve identified vulnerabilities

Implement compensating controls when direct remediation is not technically feasible or requires long-term architectural changes

Lead working sessions and technical walkthroughs to assist developers in accelerating the 'time-to-fix.'

Lead structured knowledge transfer sessions to train full-time staff on assessment methodologies and security best practices

Qualification

Application SecurityVulnerability AssessmentsSAST/DAST toolsOWASP Top 10NIST 800-53CVSSCloud-native appsAgile/SDLCManual testingKnowledge transfer

Required

Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessments, or Penetration Testing

Advanced proficiency in applying OWASP Top 10 and NIST 800-53 standards

Practical experience operating and configuring SAST/DAST tools (e.g. AppScan, Veracode, Burp Suite)

Proven ability to explain technical vulnerabilities to developers and provide specific, design-level remediation guidance

Proficiency in using CVSS (Common Vulnerability Scoring System) to correlate technical severity with business impact and data sensitivity

Preferred

Experience testing cloud-native apps (AWS/Azure/GCP), APIs, and microservices

Strong understanding of Agile/SDLC cycles to effectively coordinate with developers and project managers

Proficiency in manual, deep-dive testing to validate automated findings and identify complex business logic flaws

Background working with large, complex organizations or government/public sector environments

Company

IS3 Solutions

IS3 Solutions is an IT company that provides data centers, cloud, cyber security, IT infrastructure, and IT financing solutions.

Founded in 2010

Shrewsbury, New Jersey, USA

51-200 employees

https://is3sol.com

Funding

Current Stage

Growth Stage

Leadership Team

John Marshall

CEO/Managing Partner

Company data provided by crunchbase