Application Security Engineer
Prague, Czechia
IDC
IDC examines consumer markets by devices, applications, networks, and services to provide complete solutions for succeeding in these expanding markets.
Overview
We are seeking an Application Security Engineer to support our cybersecurity operations by identifying, assessing, and mitigating vulnerabilities and application-related risks across client environments. This role involves working with internal teams and external clients to improve security controls, reduce risk exposure, and strengthen the overall security program, including application integrity and security.
Responsibilities
- Performing vulnerability scans and assessments using industry-standard tools (e.g., Tenable.io, Qualys, Veracode, SonarQube, Acunetix).
- Analyzing scan results, prioritizing vulnerabilities and application configurations based on risk, and collaborating with IT/security teams for remediation.
- Tracking, documenting, and reporting vulnerability and application audit findings, mitigation efforts, and compliance adherence.
- Developing and maintaining application security and vulnerability management policies, procedures, and best practices.
- Monitoring threat intelligence sources to understand emerging vulnerabilities and attack vectors.
- Assisting in security patch management efforts and application enhancements, ensuring timely remediation of critical risks.
- Conducting periodic security assessments to identify gaps in existing security controls.
- Working closely with security engineers, system administrators, and development teams to integrate security best practices into system architectures.
- Supporting compliance efforts related to vulnerability management and application compliance practices around software development (e.g., CIS, NIST, ISO 27001).
- Providing recommendations for security improvements and risk reduction strategies.
Qualifications
- 3+ years of experience in vulnerability management, cybersecurity operations, or a related field.
- Hands-on experience with vulnerability scanning tools such as Tenable.io or Qualys.
- Understanding of common vulnerabilities (CVE database, OWASP Top 10) and mitigation strategies.
- Knowledge of IT infrastructure, including operating systems, networks, and cloud environments.
- Familiarity with security frameworks such as NIST CSF, CIS Controls, PCI DSS v4.0, and ISO 27001.
- Strong analytical and problem-solving skills.
- Excellent communication skills, with the ability to explain technical risks to non-technical stakeholders.
- Experience with ticketing systems and tracking vulnerability remediation efforts.
Preferred Qualifications:
- Industry certifications such as Security+, CEH, CISSP, or GCIH.
- Experience with scripting and automation (Python, PowerShell, or Bash).
- Knowledge of cloud security best practices (AWS, Azure, GCP).
- Experience working in a security consulting or managed services environment.
Perks & Benefits
- 5 weeks of holidays + extra corporate day off
- Sick days
- Flexibility to work from home most of the week
- Certain flexibility to schedule your working hours
- Cafeteria system (use points on Flexipasses, pension/life insurance, or Multisport card)
- Meal allowance
About IDG:
For more than five decades IDG, Inc. and its businesses have been at the forefront of every major shift in the technology market, providing critical insights for tech suppliers and buyers. Our vision is to make the world a better place through technology. Through our global brands, IDC and Foundry, we offer proprietary data, innovative platforms, and trusted content.
Recruitment Fraud Notice: IDG/IDC/Foundry would like to inform you that we conduct our formal communications via corporate email, our Applicant Tracking System iCIMS, LinkedIn messaging, or directly by phone. We do not use any other platform (including Telegram, WhatsApp, Signal, text, instant message, etc.) to communicate with prospective candidates. If you receive any communication outside of our formal communications channels, please ignore it and block the sender or caller. In addition, we do not ask candidates to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to represent a job offer, please report it as potential job fraud to law enforcement.