Information Security Engineer

Information Security Engineer

Location:

Anywhere (Remote)

Type:
Contract
• Category:
Security
• Industry: Financial Services

Reference  -

Date Posted: 06/22/2026

Rate: $80.00 to $90.00/hr w2

Our client seeks an Information Security Engineer to support Enterprise Vulnerability Management Application Security operations. The role focuses on vulnerability intake, triage, validation, including managing submissions from the Vulnerability Disclosure and Bug Bounty Programs and evaluating false positive review requests. The engineer will assess validity and impact, coordinate remediation ownership, track items within centralized processes, and communicate findings and guidance to application and engineering teams.

• Review and triage vulnerability submissions from external researchers through VDP and BBP.
• Validate technical accuracy, exploitability, and business impact.
• Assess severity using established scoring models and program standards.
• De-duplicate and disposition invalid or non-actionable submissions.
• Classify vulnerabilities using established taxonomy and assign remediation owners.
• Support vulnerability tracking within centralized tools and processes.
• Evaluate false positive requests from application teams.
• Analyze SAST and SCA findings and perform source code review as needed.
• Provide evidence-based dispositions with clear rationale.
• Contribute to triage standards, playbooks, and procedures.
• Maintain awareness of common application security vulnerabilities and emerging threats.
• Ensure alignment with internal policies, standards, and regulatory expectations.
• Maintain defensible documentation and evidence for audit and reviews.
• Escalate high-risk or time-sensitive vulnerabilities as appropriate.
• Communicate findings, impact, and remediation guidance to stakeholders and partner to enable timely remediation.

• 3–5 years in information security, application security, or vulnerability management.
• Experience with vulnerability triage, validation, and prioritization.
• Strong understanding of application security principles, secure development practices, and common vulnerabilities such as the OWASP Top 10.
• Familiarity with vulnerability scanning tools and outputs including SAST, SCA, and DAST.
• Ability to review and understand source code to validate vulnerabilities.
• Experience with vulnerability management or tracking platforms such as ticketing systems and dashboards.
• Strong analytical skills to assess exploitability and business risk.
• Strong attention to detail and ability to make defensible decisions.
• Effective verbal and written communication tailored to management, business sponsors, and technical resources.
• Previous experience with distributed or offshore teams desired.
• Financial industry experience is a plus.

• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent practical experience.

W2 employees eligible for medical, dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law.

Eliassen is committed to building a diverse and inclusive team from a variety of backgrounds, perspectives, and skills. We are an Equal Opportunity and affirmative action employer and all employment decisions are based on merit, performance, and business needs. Eliassen does not discriminate on the basis of race, color, gender identity or expression, sexual preference or orientation, sex (including pregnancy, childbirth, and related medical conditions), marital status, creed, religion, physical or mental disability, genetic information, military or veteran status, age, ancestry, national origin, citizenship status, prohibited criminal record inquiries of applicants and employees, or any other category protected by federal, state, or local laws.