Back to jobs

VULNERABILITY MANAGEMENT & APPLICATION SECURITY LIAISON SPOC

delan-associates-inc
Contractmid

Job description

Experience: 10+ Contract: Long Term ‼️Only GC, USC‼️ Expanded Key Responsibilities Infrastructure & Full-Stack Triage Analyze infrastructure-adjacent flaws by applying a solid understanding of Linux and Windows operating system vulnerabilities. Oversee containerized security within OpenShift Container Platform (OCP), ensuring image scanning findings are triaged effectively. Collaborate on data-layer risk, tracking and managing vulnerabilities related to databases (e.g., Oracle, SQL Server, PostgreSQL) and core middleware components (e.g., Apache, Tomcat, WebSphere). Cross-reference application flaws (Checkmarx/Black Duck) with host-level and container-level vulnerabilities to determine the true, contextual runtime risk. Automation & Platform Transformation Track IDP Adoption: Partner with Platform Engineering to ensure development squads migrate to the Internal Developer Platform, standardizing secure guardrails. Measure AI Security Adoption: Track and report metrics on how effectively developers utilize AI-driven security companions to triage and fix code flaws. Govern Test Automation: Collaborate with QA and DevOps to embed automated security gates seamlessly into continuous integration pipelines. Continuous Monitoring: Build dashboards that display automation maturity, remediation velocity, and the reduction of manual security operations. [1] Cross-Functional Orchestration & Governance Act as the primary SPOC aligning App Dev, AppSec, and Production Support teams to prioritize and resolve software flaws. Enforce remediation SLAs ensuring security patches are delivered according to corporate compliance and risk thresholds. Govern the Exception Management workflow, reviewing developer risk-acceptance requests and documenting temporary business justifications. Integrate security fixes with Change Management protocols (e.g., ServiceNow) to ensure production support stability remains intact during deployments. Local & Hybrid Expectations Work Structure: 2-3 days on-site, 2-3 days remote (Hybrid). Location Options: Iselin, NJ (Metropark) or Charlotte, NC (Corporate Hub). Qualifications & Skills Technical Requirements AppSec Tooling: Foundational knowledge 3+ years managing workflows in Checkmarx (SAST) and Black Duck (SCA). Infrastructure Stack: Strong foundational knowledge of Linux, Windows Server, OpenShift Container Platform (OCP), databases, and middleware technologies. Modern Engineering Frameworks: Practical understanding of Internal Developer Platforms (IDPs) and DevSecOps pipelines. Automation & AI: Direct experience tracking or managing test automation frameworks and AI-assisted coding/security tools.