Responsibilities:
- Manage end-to-end vulnerability lifecycle, including detection, triage, remediation tracking, and reporting.
- Integrate and operationalize vulnerability scanning tools within CI/CD and SSDLC environments (e.g., SAST, DAST, secret scanning, container scanning).
- Develop and maintain automation scripts (preferably in Python) to streamline vulnerability management workflows and reporting.
- Analyze vulnerabilities to determine root causes and recommend effective mitigating controls.
- Conduct threat modeling exercises to identify potential security risks from system architecture diagrams and design documents.
- Collaborate with development, infrastructure, and risk teams to ensure timely remediation and risk reduction.
- Communicate vulnerability findings clearly to stakeholders, articulating technical details and the business impact of mitigation strategies.
- Support continuous improvement of vulnerability management processes, tools, and metrics.

Skillset:

• Proven experience in vulnerability management within CI/CD or SSDLC environments
• Hands-on experience with tools, such as OSS, SAST, Container Scanning, or similar
• Proficiency in scripting languages (e.g. Python) for automation and data analysis
• Strong understanding of secure coding practices and common vulnerability types (e.g. OWASP Top 10)
• Experience in root cause analysis and remediation strategy development
• Familiarity with threat modeling methodologies and tools
• Excellent communication and stakeholder management skills

Please refer to U3's Privacy Notice for Job Applicants/Seekers at https://u3infotech.com/privacy-notice-job-applicants/. When you apply, you voluntarily consent to the collection, use and disclosure of your personal data for recruitment/employment and related purposes.