This position is posted by Jobgether on behalf of American Recruiting & Consulting Group. We are currently looking for a Vulnerability Engineer in the United States. This role is a fully remote position aligned with Eastern Time Zone hours, offering the chance to make a direct impact on the security of enterprise web applications and systems. As a key member of the cybersecurity team, you will be responsible for safeguarding applications against threats by managing web application firewalls, bot protection tools, and vulnerability scanning solutions. You will collaborate closely with developers and cross-functional teams to identify, prioritize, and remediate vulnerabilities while contributing to the creation of secure coding practices and robust security policies. The position combines hands-on technical work, process development, and proactive defense strategies to maintain a strong security posture in an evolving threat landscape.

Accountabilities Implement and manage web application firewalls (WAFs) and bot protection systems to detect and block malicious traffic. Operate and maintain vulnerability scanning tools (e.g., HCL AppScan, Burp Suite, ZAP, Nessus) to identify and remediate security weaknesses. Develop and update security policies, procedures, and technical documentation related to WAFs, bot protection, and vulnerability management. Work closely with cross-functional teams to integrate security tools into other systems and workflows. Conduct dynamic and static vulnerability scanning throughout the development lifecycle. Prioritize vulnerabilities based on risk and collaborate with development teams to implement remediation and secure coding practices. Provide training and guidance to technical teams regarding vulnerability findings and mitigation strategies. Monitor industry trends and emerging threats, recommending improvements to enhance application security. Requirements Minimum 4 years of experience in vulnerability management, with strong knowledge of web application vulnerabilities and remediation techniques. Experience with security testing tools such as HCL AppScan, Burp Suite, Zed Attack Proxy, or Nessus. At least 1 year of experience in infrastructure or development. SSCP (or higher) certification required within 180 days of hire. Strong analytical and problem-solving skills to address complex technical challenges. Excellent communication and collaboration abilities to work with cross-functional teams. Preferred: experience with F5 WAFs, scripting in PowerShell or Python, and familiarity with Agile/DevOps methodologies. Benefits Fully remote role, working Eastern Time Zone business hours. Long-term contract through December 2025, with strong potential for extension or full-time conversion. Competitive compensation based on experience and qualifications. Opportunity to work with cutting-edge security tools and technologies. Inclusive, collaborative work environment that values diversity and innovation.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching. When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly. Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements. It compares your profile to the job’s core requirements and past success factors to determine your match score. Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role. When necessary, our human team may perform an additional manual review to ensure no strong profile is missed. The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team. Thank you for your interest!

#LI-CL1