VULNERABILITY MANAGEMENT & APPLICATION SECURITY LIAISON SPOC
delan-associates-inc
Contractmid
Job description
Experience: 10+
Contract: Long Term
‼️Only GC, USC‼️
Expanded Key Responsibilities
Infrastructure & Full-Stack Triage
Analyze infrastructure-adjacent flaws by applying a solid understanding of Linux and Windows operating system vulnerabilities.
Oversee containerized security within OpenShift Container Platform (OCP), ensuring image scanning findings are triaged effectively.
Collaborate on data-layer risk, tracking and managing vulnerabilities related to databases (e.g., Oracle, SQL Server, PostgreSQL) and core middleware components (e.g., Apache, Tomcat, WebSphere).
Cross-reference application flaws (Checkmarx/Black Duck) with host-level and container-level vulnerabilities to determine the true, contextual runtime risk.
Automation & Platform Transformation
Track IDP Adoption: Partner with Platform Engineering to ensure development squads migrate to the Internal Developer Platform, standardizing secure guardrails.
Measure AI Security Adoption: Track and report metrics on how effectively developers utilize AI-driven security companions to triage and fix code flaws.
Govern Test Automation: Collaborate with QA and DevOps to embed automated security gates seamlessly into continuous integration pipelines.
Continuous Monitoring: Build dashboards that display automation maturity, remediation velocity, and the reduction of manual security operations. [1]
Cross-Functional Orchestration & Governance
Act as the primary SPOC aligning App Dev, AppSec, and Production Support teams to prioritize and resolve software flaws.
Enforce remediation SLAs ensuring security patches are delivered according to corporate compliance and risk thresholds.
Govern the Exception Management workflow, reviewing developer risk-acceptance requests and documenting temporary business justifications.
Integrate security fixes with Change Management protocols (e.g., ServiceNow) to ensure production support stability remains intact during deployments.
Local & Hybrid Expectations
Work Structure: 2-3 days on-site, 2-3 days remote (Hybrid).
Location Options: Iselin, NJ (Metropark) or Charlotte, NC (Corporate Hub).
Qualifications & Skills
Technical Requirements
AppSec Tooling: Foundational knowledge 3+ years managing workflows in Checkmarx (SAST) and Black Duck (SCA).
Infrastructure Stack: Strong foundational knowledge of Linux, Windows Server, OpenShift Container Platform (OCP), databases, and middleware technologies.
Modern Engineering Frameworks: Practical understanding of Internal Developer Platforms (IDPs) and DevSecOps pipelines.
Automation & AI: Direct experience tracking or managing test automation frameworks and AI-assisted coding/security tools.