Application Security & Vulnerability Assessment Consultant

Role Overview

We are seeking an experienced Application Security & Vulnerability Assessment Consultant to evaluate, validate, and strengthen the security posture of enterprise applications and supporting infrastructure. This role combines application security assurance, vulnerability assessment, security auditing, and risk analysis responsibilities across modern cloud, containerized, and on-premise environments.

The ideal candidate will possess strong expertise in application security testing, vulnerability management, secure development practices, infrastructure security assessments, and security governance. The role will work closely with development, DevSecOps, infrastructure, and security teams to ensure security risks are identified, assessed, and effectively remediated.

Key Responsibilities

• Review and validate findings from Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.

• Assess application vulnerabilities and security risks, ensuring appropriate remediation actions are implemented.

• Evaluate adherence to secure coding standards, application security policies, and secure software development practices.

• Audit operating systems, databases, containers, APIs, web applications, and supporting infrastructure for vulnerabilities and security misconfigurations.

• Assess the effectiveness of security hardening measures across servers, applications, databases, containers, cloud platforms, and middleware components.

• Perform vulnerability assessments across infrastructure, cloud, and containerized environments.

• Conduct host-level vulnerability scanning and validate scan results for accuracy, completeness, and relevance.

• Perform container image and runtime security assessments across development and production environments.

• Analyze and validate Common Vulnerabilities and Exposures (CVEs) by assessing severity, exploitability, business impact, and environmental risk.

• Identify false positives and provide technical justification where applicable.

• Correlate security findings with asset criticality, business context, and regulatory requirements.

• Provide risk-based recommendations and remediation prioritization based on exposure and business impact.

• Work closely with development, infrastructure, cloud, and DevSecOps teams to drive remediation activities.

• Produce detailed security assessment and vulnerability assessment reports, including findings, risk ratings, remediation recommendations, and tracking status.

• Maintain vulnerability tracking and support re-validation activities following remediation.

• Support internal and external security audits related to application and infrastructure security.

• Monitor emerging threats, vulnerabilities, attack techniques, and industry security trends.

• Contribute to the continuous improvement of application security, vulnerability management, and security governance processes.

Required Skills

• Bachelor's Degree in Computer Science, Cybersecurity, Information Security, or a related discipline.

• Minimum 4 years of experience in Application Security, Vulnerability Management, Security Assessment, Security Auditing, or Secure Software Development.

• Hands-on experience with security testing and assessment tools such as SonarQube, Fortify SAST/DAST, Burp Suite, OWASP ZAP, Nessus, Qualys, Rapid7, or equivalent solutions.

• Strong understanding of OWASP Top 10, secure coding principles, and application security testing methodologies.

• Experience performing vulnerability assessments, vulnerability analysis, and remediation validation.

• Strong understanding of CVE analysis, CVSS scoring, exploitability assessment, and risk prioritization.

• Knowledge of secure Software Development Lifecycle (SDLC) and CI/CD security practices.

• Familiarity with container technologies such as Docker and Kubernetes.

• Experience working with cloud platforms including AWS, Microsoft Azure, or Google Cloud Platform (GCP).

• Understanding of web application security, API security, authentication mechanisms, and infrastructure security controls.

• Strong technical report-writing, documentation, and stakeholder communication skills.

• Experience working within Agile, DevOps, or DevSecOps environments.

Preferred Skills

• Experience supporting enterprise-scale application security and vulnerability management programs.

• Knowledge of cloud security architecture and container security best practices.

• Familiarity with Infrastructure as Code (IaC) security reviews and security automation practices.

• Experience with security governance, risk management, and compliance frameworks.

• Exposure to penetration testing methodologies and security assessment engagements.

Certifications

• CREST Certified Pen Tester or equivalent security assessment certification.

• CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional).

• AWS Certified DevSecOps Engineer – Professional, AWS Security Specialty, or equivalent cloud security certification is highly desirable.

Key Competencies

• Strong analytical and investigative mindset with attention to detail.

• Ability to assess technical risks and prioritize remediation effectively.

• Excellent troubleshooting and problem-solving capabilities.

• Strong communication and stakeholder engagement skills.

• Ability to interpret technical findings and communicate risks to both technical and non-technical audiences.

• Knowledge of security and compliance frameworks such as ISO 27001, PCI-DSS, GDPR, and industry best practices.

• Ability to work independently and collaboratively within cross-functional teams.

Application Note

Interested applicants may send their CV directly to [email protected] for consideration.