Location: Brooklyn, NY 11201
Duration: 2-year contract
A large enterprise organization is seeking an experienced Application Security Vulnerability Assessment Engineer to identify, validate, and provide remediation guidance for vulnerabilities across a diverse application portfolio. This role focuses on operating and fine-tuning SAST/DAST tools to establish high-fidelity security baselines, performing manual validation of findings, and delivering actionable remediation guidance to development teams. The position also includes leading knowledge transfer sessions to upskill internal staff on application security best practices.
The Engineer will be responsible for maintaining continuous application security coverage by leveraging automated and manual assessment techniques. The role requires deep technical expertise in vulnerability assessment, strong communication skills to partner effectively with development teams, and the ability to produce defensible, audit-ready security documentation.
Operate and maintain industry-standard SAST/DAST tools (e.g., AppScan, Veracode, Burp Suite)
Scope application assessments by identifying critical components, integrations, and APIs
Configure and fine-tune scan profiles to reduce false positives and ensure consistent, high-quality results
Manage the full lifecycle of authenticated and unauthenticated security scans, including scheduling and profile management
Validate automated findings through manual testing and exploit reproduction
Document false positives with detailed root-cause analysis and technical justification
Identify recurring vulnerability patterns and systemic architectural weaknesses
Produce clear, defensible vulnerability reports with technical evidence and executive-level summaries
Prioritize remediation efforts by correlating technical severity, business criticality, and data sensitivity
Partner with development teams to translate security findings into actionable remediation requirements
Provide prescriptive coding and design-level mitigation guidance
Recommend and implement compensating controls when direct remediation is not immediately feasible
Lead technical walkthroughs and working sessions to reduce time-to-fix
Conduct structured knowledge transfer sessions to train internal teams on assessment methodologies and security best practices
Note: Candidates who do not meet the mandatory requirements will not be considered.
Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessment, or Penetration Testing
Advanced knowledge of the OWASP Top 10 and NIST SP 800-53
Practical experience configuring and operating SAST/DAST tools (AppScan, Veracode, Burp Suite)
Proven ability to clearly explain technical vulnerabilities and provide design-level remediation guidance
Strong proficiency with CVSS scoring to align technical severity with business impact and data sensitivity
Experience assessing cloud-native applications, APIs, and microservices (AWS, Azure, GCP)
Strong understanding of Agile and SDLC processes
Advanced manual testing skills to validate automated findings and identify complex business logic flaws
Experience working in large, complex enterprise or public-sector environments
For more details, reach out at resumes@navitassols.com.
About Navitas Partners, LLC: Navitas is a WBENC-certified firm and one of the fastest-growing Technical / IT staffing firms in the US, providing services to numerous clients. We offer the most competitive pay for every position. We understand this is a partnership: you will not be blindsided, and your salary will be discussed upfront.