Back to search
Aquent Linkedin · Posted 3d ago

Application Security & Remediation Engineer [211229]

Canton

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Application Security & Remediation Engineer

Remote

$92 / hourly

As an Application Security & Remediation Engineer on our Attack & Pentest team, you will bridge the gap between offensive security discovery and defensive engineering. You won't just find vulnerabilities; you will own the critical process of validating exploitability, calculating real-world business risk, and collaborating directly with engineering teams to ensure effective remediation.

This is a highly technical, hands-on role perfect for an offensive security professional who wants to maximize their impact by ensuring vulnerabilities are not just documented, but permanently resolved.

Core Responsibilities

  • Advanced Triage & Exploitation: Review, validate, and replicate incoming vulnerability reports (including internal testing, automated tooling, and crowdsourced programs). Assess severity and business impact, and build clear proof-of-concept (PoC) reproductions.
  • Remediation Consultation: Partner closely with application security, DevOps, and engineering teams to provide clear, actionable remediation guidance and architectural context.
  • Targeted Retesting: Perform manual and automated validation testing of remediated applications and infrastructure to verify that code fixes are robust and complete.
  • Vulnerability Orchestration: Monitor remediation timelines against organizational SLAs, coordinate with development squads to unblock complex fixes, and escalate systemic risks when necessary.
  • Data & Metrics: Maintain high-fidelity records within our vulnerability management ecosystem and contribute to executive-level metrics regarding corporate risk posture.
  • Strategic Process Improvement: Identify patterns in recurring vulnerabilities to recommend systemic guardrails, CI/CD tooling enhancements, or developer training initiatives to eliminate bug classes at the source.

Required Qualifications

  • Experience: 3+ years of hands-on experience in offensive security, penetration testing, or technical application security engineering (web apps, APIs, cloud-native infrastructure).
  • Triage Mastery: Proven experience analyzing and prioritizing vulnerabilities at scale using framework methodologies (CVSS, CWE, OWASP Top 10).
  • Technical Communication: Exceptional ability to write reproducible PoCs and translate complex cryptographic, logic, or code flaws into clear remediation steps for developers.
  • Ecosystem Knowledge: Deep understanding of modern SDLC practices, Git-based workflows, and how security testing integrates into the development lifecycle.
  • Tools: Proficient with core offensive testing tooling (e.g., Burp Suite Pro, Caido, Nuclei) and familiarity with ticketing/vulnerability management platforms (e.g., Jira, DefectDojo).

Preferred Qualifications

  • Certifications: OSCP, GWAPT, GPEN, BSCP, or equivalent practical offensive security certifications.
  • Automation: Scripting capabilities (Python, Bash, Go) to automate routine validation and retesting workflows.
  • Cloud & Modern Infrastructure: Foundational security knowledge of cloud environments (AWS/Azure/GCP) and containerized environments (Kubernetes/Docker).
  • Industry Experience: Familiarity with securing highly regulated environments (e.g., financial services, healthcare) and handling bug bounty programs
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent