Product Security Vulnerability Management Engineer

Job description

We’re looking for people to join the Access family, who share our passion for believing in better, and who will help us continue to grow.Love Work.

Love Life.

Be You.

- is central to our success and how we give our customers the freedom to do more of what's important to them.We offer a blended approach to office working, encouraging you to collaborate and connect in one of our thriving offices.

We deliver on what we say, taking the development of our people seriously.

We’ll work with you to progress your success plan and provide opportunities to accelerate your career.On top of a competitive salary, our wellbeing days taking you to 25 days leave a year and a health contribution, you’ll also be able to choose from a range of benefits to suit you.

We’re an organisation that likes to give back, so you’ll also have three charity days allocated to support a cause that matters to you.**Position Overview**We are seeking a motivated Product Security Vulnerability Management Engineer with 2-3 years of experience to support, manage, and contribute to our comprehensive product security program.

This role will be instrumental in operating and enhancing our Application Security Testing Platform, supporting the Secure Software Development Lifecycle (SSDLC) Platform, and enabling DevSecOps integration across our development ecosystem.The position focuses on maintaining automated security testing across the entire product stack while learning to implement secure development practices throughout the organization and collaborating closely with development teams to embed security throughout the software development lifecycle.The ideal candidate will have hands-on experience with automated security testing tools, DevSecOps practices, a solid foundation in product security principles, and be ready to take on increased responsibilities in vulnerability management, developer engagement, and security program optimization while continuing to develop their expertise in secure SDLC implementation and NIST framework alignment.**Key Responsibilities****Application Security Testing & Analysis*** Support the development and maintenance of testing orchestration processes to ensure seamless integration across multiple security tools* Assist in maintaining and optimizing the unified security testing platform integration with development workflows**DevSecOps Integration & Enablement*** Partner with development teams to integrate security testing into CI/CD pipelines and help reduce friction in security adoption* Support DevSecOps integration and orchestration activities, including container security scanning and policy as code implementation* Assist in maintaining pipeline security coverage and security gate automation across development workflows* Contribute to container vulnerability metrics collection and policy compliance monitoring* Support Infrastructure as Code (IaC) security scanning and compliance checks* Create security-focused monitoring and logging solutions for production environments with senior team guidance**Secure SDLC Support & Implementation*** Support threat modeling activities, security requirements generation, and secure architecture pattern implementation aligned with NIST Secure Software Development Framework* Contribute to the operation and maintenance of the Secure Software Development Lifecycle (SSDLC) Platform* Assist in ensuring security activities are integrated throughout the software development lifecycle* Support security gate implementation and help track security gate pass rates* Participate in architecture reviews and provide input on secure design patterns.* Contribute to security requirements coverage and documentation**Vulnerability Management & Reporting*** Track and report on key security metrics including vulnerability detection rates, false positive rates, and developer adoption metrics* Maintain vulnerability findings database and ensure accurate tracking of remediation efforts* Support mean time to remediation (MTTR) tracking and vulnerability aging metrics* Generate unified security reports from multiple testing tools for stakeholders and management* Monitor application security coverage and identify gaps in testing coverage across the application portfolio* Work collaboratively with development teams to support remediation of high-priority vulnerabilities* Support compliance efforts by ensuring alignment with NIST Cybersecurity Framework 2.0 controls**Developer Collaboration & Security Enablement*** Provide security guidance and training to developers on secure coding practices and vulnerability remediation* Support developer onboarding security tools and processes, contributing to improved adoption rates* Create and maintain developer-friendly documentation including integration playbooks and security guides* Contribute to developer security enablement programs and security champion initiatives* Support secure coding standards implementation and help track secure coding violations trends* Assist in security knowledge assessment activities and training satisfaction measurement**Process Improvement & Continuous Learning*** Identify opportunities to enhance the application security testing platform and reduce false positives* Evaluate and assist in piloting new security tools and technologies to improve detection capabilities* Contribute to security policy development and help establish security standards for application development* Support incident response activities related to application security vulnerabilities* Stay current with emerging threats and application security best practices through continuous learning* Contribute to continuous improvement in security automation and tool efficiency**Required Qualifications****Education & Experience:*** Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field* 2-3 years of hands-on experience in product security, application security, DevSecOps, or related security roles* Demonstrated experience with application security testing tools and methodologies* Experience supporting product security programs or secure development initiatives**Technical Skills:*** Proficiency with SAST, DAST, and SCA tools* Understanding of secure coding practices and common vulnerability types (OWASP Top 10, CWE Top 25)* Experience with CI/CD integration and DevSecOps principles* Familiarity with programming languages commonly used in enterprise environments (Python, Java, JavaScript, C#, etc.)* Knowledge of web application security concepts and testing methodologies* Basic understanding of threat modeling methodologies (STRIDE, PASTA)* Familiarity with container security and cloud-native application security concepts* Understanding of NIST frameworks including Cybersecurity Framework 2.0 and Secure Software Development Framework* Experience with Infrastructure as Code (IaC) security scanning tools* Knowledge of vulnerability management principles and practices**Soft Skills:*** Strong analytical and problem-solving abilities with attention to detail* Excellent communication skills for collaborating with technical and non-technical stakeholders* Ability to work in fast-paced, agile environments while maintaining security standards* Project management capabilities for coordinating security initiatives across multiple teams* Eagerness to learn and grow in product security expertise* Passion for continuous learning and staying current with security trends**Key Performance Indicators:*** Support improvement in mean time to detection (MTTD) for application vulnerabilities and maintain mean time to remediation (MTTR) below organizational targets* Help maintain false positive rate below 5% across all testing types through tool tuning and process optimization* Support achieving 95%+ developer adoption rate of security tools and processes* Contribute to pipeline security coverage metrics
#J-18808-Ljbffr

Required Skill Profession

Engineering