[Remote] Information Security Engineer IV
Note: This is a remote position open to candidates in the USA. Encore Talent Solutions is a trusted professional services firm dedicated to helping organizations achieve their goals by providing exceptional talent solutions. They are seeking an Information Security Engineer to support the operational processes of the Enterprise Vulnerability Management and Application Security program, focusing on vulnerability intake, triage, validation, prioritization, and remediation tracking.
Responsibilities
- Review and triage vulnerability submissions received through the Vulnerability Disclosure Program (VDP) and Bug Bounty Program (BBP)
- Validate the technical accuracy, exploitability, and business impact of reported vulnerabilities
- Assess vulnerability severity using established scoring methodologies and application security standards
- De-duplicate, classify, and disposition invalid, duplicate, or non-actionable vulnerability reports
- Classify vulnerabilities using established taxonomies and assign remediation owners through defined governance processes
- Track vulnerabilities through centralized vulnerability management platforms and monitor remediation progress
- Evaluate false-positive requests submitted by application teams and provide evidence-based determinations
- Analyze findings from Static Application Security Testing (SAST), Software Composition Analysis (SCA), and other security scanning tools
- Perform source code reviews as needed to validate application security findings
- Maintain defensible documentation supporting audit, compliance, regulatory, and internal review requirements
- Contribute to the continuous improvement of vulnerability triage procedures, playbooks, standards, and operational processes
- Stay informed on emerging threats, application security trends, and common vulnerabilities such as the OWASP Top 10
- Escalate high-risk or time-sensitive vulnerabilities when appropriate
- Clearly communicate security findings, business impact, and remediation guidance to technical and non-technical stakeholders
- Partner with application development and engineering teams to support timely vulnerability remediation and secure development practices
Skills
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field; equivalent practical experience will be considered
- 3–5 years of experience in Information Security, Application Security, Vulnerability Management, or a related cybersecurity discipline
- Proficiency in: vulnerability triage, validation, and prioritization; application security principles; secure software development practices; OWASP Top 10 and common application vulnerabilities; vulnerability risk assessment and remediation processes
- Strong analytical and problem-solving skills with the ability to assess exploitability and business risk
- Experience reviewing vulnerability reports and validating technical findings
- Excellent written and verbal communication skills with the ability to communicate effectively across technical teams, business stakeholders, and leadership
- Strong attention to detail and the ability to make defensible, evidence-based security decisions
- Ability to work collaboratively in a fast-paced, cross-functional environment
- Experience reviewing source code to validate application security vulnerabilities
- Experience with vulnerability management platforms, ticketing systems, dashboards, or security workflow tools
- Familiarity with application security testing technologies, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST)
- Experience working with secure development lifecycle (SDLC) practices
- Previous experience collaborating with distributed or offshore development teams
- Experience within the financial services or other highly regulated industries
- Industry certifications such as CompTIA Security+; GIAC (GWAPT, GSEC, or similar); Certified Information Systems Security Professional (CISSP); Certified Ethical Hacker (CEH); Offensive Security certifications (OSCP or similar)
Benefits
- Collaborative team environment with opportunities for professional growth, continuous learning, and advancement in enterprise application security and vulnerability management.
Company Overview