
Vulnerability Management Engineer – Application Security (Mid-Level)
NTT DATA is a team of more than 139,000 diverse professionals operating in more than 50 countries worldwide. Our sectors of activity include telecommunications, finance, industry, utilities, energy, public administration, and health.
Our mission? Offer technological solutions, business, strategy, development, and application maintenance while being a benchmark in consulting. Thanks to the collaboration between teams, the human quality of our people, and the fact that we do not conform to what is established, we always seek innovation that brings us closer to the future.
Our essence has led us to the forefront of technology, breaking paradigms and providing solutions that truly respond to each client's needs. Our talent has led us to be one of the top six technology companies in the world.
Because #Greattech needs #GreatPeople, like you.
NTT Data seeks high-achieving team players who quickly adapt to new challenges and entrepreneurial ventures. We are looking for a Vulnerability Engineer to work with our global client onsite in Valencia, Spain OR remote in LATAM.
Location: Valencia, Spain or LATAM. The role is 100% onsite if based in Valencia, Spain, and 100% remote if based in LATAM.
Working Hours: U.S. Eastern Time (9:00 AM – 5:00 PM ET)
Role Overview
We are seeking a mid-level engineer to identify, manage, and remediate application vulnerabilities throughout the software development lifecycle. This role plays a key part in maintaining our security posture across web, mobile, and cloud-based applications. Ideal candidates will have deep technical curiosity and practical experience with vulnerability scanning, security assessments, prioritization, and coordination of remediation efforts.
Key Responsibilities
- Execute and support application vulnerability assessments (SAST, DAST, SCA, and manual code review), ensuring findings are accurate, actionable, and relevant to application risk.
- Validate scanner results, perform false-positive analysis, and track findings through remediation, including retesting to confirm effective fixes.
- Manage multiple application security initiatives concurrently while meeting strict timelines in a fast‑paced environment.
- Prioritize vulnerabilities based on business impact, exploitability, exposure, and likelihood, using industry best practices (e.g., CVSS scoring).
- Develop and maintain dashboards and reports tracking vulnerability metrics such as severity distribution, remediation SLAs, and mean time to remediation (MTTR).
- Support the integration of security scanning and vulnerability workflows into CI/CD pipelines, leveraging existing tooling and automation.
- Facilitate remediation planning by providing actionable recommendations and coordinating root cause analysis.
- Support threat modeling and application risk assessments, with a focus on discovering insecure design patterns.
- Participate in high‑severity or zero‑day vulnerability response activities, including impact analysis and coordinated remediation efforts, as needed.
- Provide input into policies and standards related to application and cloud security controls.
Required Qualifications
- Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or related discipline—or equivalent professional experience.
- 5-7 years of relevant experience in application security and/or vulnerability management.
- Solid understanding of common vulnerability classes (e.g., OWASP Top 10) and secure architecture principles.
- Proficiency in using Burp Suite for manual security testing of web applications and APIs, including validation of automated findings and identification of complex authentication, authorization, and business‑logic vulnerabilities.
- Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and common network discovery tools (e.g., Nmap).
- Familiarity with NIST, MITRE ATT&CK, and CIS benchmarks.
- Programming/scripting proficiency in languages such as Python, Java, .NET, or similar.
- Excellent documentation, communication, and stakeholder engagement skills.
Preferred Qualifications & Certifications
- Professional certifications (e.g., Security+, SSCP, GWAPT, or pursuing CISSP, OSCP).
- Experience using the ServiceNow platform for vulnerability or incident tracking.
- Proficiency in Azure cloud and Azure DevOps environments.
- Experience using Power BI or similar tools to visualize vulnerability metrics and remediation trends for technical and non-technical stakeholders.
Why NTT Data?
Empowerment and rewards are the cornerstone of our career development model. We are a young, fast-growing company with a highly innovative and entrepreneurial spirit; because of this, professional experience and growth will be unmatched. Our talent and positive attitude allow us to transform our goals into achievements, and projects into realities.
NTT Data is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NTT Data is an Equal Opportunity Employer Male/Female/Disabled/Veteran and a VEVRAA Federal Contractor.