Application Security Analyst - Vulnerability Management

Team: Information Security

Location: Hyderabad, India

Commitment: Full-time

Workplace Type: hybrid

Responsibilities

• Own the day-to-day triage and lifecycle management of application security findings across multiple tools
• Analyze and triage findings from: SAST, SCA to identify dependency risk, exploitability, upgrade paths, secrets scanning and Microsoft Defender – application, container, and cloud workload findings
• Validate findings for false positives, duplicates, environmental relevance, actual exploitability and impact
• Prioritize vulnerabilities based on risk, asset criticality, and business context
• Track remediation progress and enforce agreed-upon SLAs
• Leverage an Application Security Posture Management (ASPM) platform to:
• Correlate findings across application security tool set (SAST, DAST, SCA etc.)
• Reduce noise and improve prioritization accuracy
• Help maintain and improve risk scoring logic, findings normalization, exception and suppression workflows
• Identify gaps in coverage, data quality, or process and propose improvements
• Create and maintain reports and dashboards for different personas: developers (actionable, repo-level views), security leadership (risk posture, trends, SLA compliance) engineering leadership (program health, recurring issues)
• Track and communicate metrics such as: Open vs. closed vulnerabilities, mean time to remediate (MTTR), recurring vulnerability patterns, tool signal-to-noise ratio
• Provide clear, practical remediation guidance for developers, including:
• What the issue is and why it matters
• How to fix it (secure coding patterns, dependency upgrades, config changes)
• When compensating controls or risk acceptance may be appropriate
• Partner directly with development teams to:
• Answer follow-up questions
• Validate fixes
• Reduce repeat findings through education and pattern identification
• Serve as a security point of contact who is helpful, pragmatic, and technically credible
• Communication & Influence
• Communicate risk clearly and professionally to both technical and non-technical stakeholders
• Confidently defend triage decisions and prioritization logic
• Maintain composure and effectiveness when working with strong personalities
• Push back respectfully when security risk is being underestimated or deprioritized

Qualifications

• 3+ years of experience in Application Security, Vulnerability Management
• Hands-on experience with appsec tool chain SAST, SCA, DAST (Appcheck, Mend.IO, SonorQube, Veracode, Snyk etc.) 
• Working knowledge of application security fundamentals:
• OWASP Top 10
• Common CWEs and CVEs
• Strong organizational skills with the ability to manage and prioritize large vulnerability backlogs
• Ability to translate technical findings into clear remediation guidance
• Experience using or operating within an ASPM platform
• Familiarity with CI/CD pipelines and GitHub-based workflows
• Experience reducing false positives and tuning AppSec tools
• Exposure to containerized or microservices-based architectures
• Comfort working in fast-paced engineering environments
• Experience operating in AWS-based environments
• Strong written and verbal communication skills

Working Conditions

• This position is a hybrid, based in the Hyderabad, India. Requiring 2 days a week in the office.
• The Information Security Engineer may be required to work flexible hours to accommodate different time zones or urgent situations.


Please note that the above job description represents a general overview of the responsibilities and requirements for this position at Accurate Background. Duties and qualifications may vary based on specific business needs and organizational changes.