W2 Vulnerability Management Somerset, NJ Day--Oniste

Overview

Job Title: Vulnerability Management

Location: Somerset, NJ (Onsite)

Look for profiles with vulnerability management, Rapid7, Qualys, Attack Surface Management, OWASP ZAP, Burp Suite etc.

We are seeking a technically strong Vulnerability Management Analyst / Engineer to lead vulnerability identification, prioritization, and remediation across infrastructure, web applications, and cloud environments. This role combines hands-on scanning, threat-informed prioritization, and cross-functional remediation coordination to reduce risk and improve time to remediation.

5+ years of vulnerability management, application security, or penetration testing experience preferred.

• 5+ years of experience in Vulnerability Management, Application Security, or Penetration Testing
• Hands-on experience with:
  • Qualys VMDR
  • Rapid7 InsightVM
  • Tenable / Nessus
  • Wiz
  • Burp Suite
  • OWASP ZAP
  • Veracode
  • Checkmarx
  • Insight App Sec
• Strong understanding of:
  • Vulnerability Management Lifecycle
  • Attack Surface Management (ASM)
  • Web Application Security
  • DAST Testing
  • OWASP Top 10
  • SANS Top 25
  • CVSS, EPSS, and CISA KEV
• Experience performing manual validation of vulnerabilities including:
  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • CSRF
  • SSRF
  • IDOR
  • Authentication Bypass
• Experience with cloud security across AWS, Azure, and GCP
• Strong scripting experience with Python, Power Shell, or Bash
• Experience with vulnerability remediation tracking, reporting, and executive dashboards

• OSCP, GWAPT, CEH, CSSLP, or equivalent certifications
• Experience with penetration testing and application security assessments
• Knowledge of PCI-DSS, NIST, CIS Controls, ISO 27001, HIPAA, and GDPR
• Experience with external attack surface monitoring and exposure management tools such as Shodan, Security Scorecard, Bit Sight, and SSLScan
• Experience with container security and CI/CD security integrations

• Manage the end-to-end vulnerability management lifecycle
• Conduct vulnerability assessments across infrastructure, cloud, applications, and web environments
• Perform DAST and manual web application security testing
• Prioritize vulnerabilities using CVSS, EPSS, threat intelligence, and business impact
• Partner with Infrastructure, Dev Ops, Engineering, and Security teams to drive remediation
• Develop executive-level risk and remediation reporting
• Respond to critical and zero-day vulnerabilities
• Improve vulnerability management processes and security posture across the organization

Vulnerability Management, Attack Surface Management, ASM, Qualys, Rapid7, Insight

VM, Tenable, Nessus, Wiz, Burp Suite, OWASP ZAP, Veracode, Checkmarx, Insight App Sec , DAST, Application Security, Web Security, Cloud Security, AWS, Azure, GCP, CVSS, EPSS, CISA, Python, Penetration Testing, OWASP Top 10.