Security Engineer - Vuln Management (Code)

We are seeking a mid-level AppSec Vulnerability Management Engineer with a strong software development background. In this role, you will bridge the gap between security, compliance, and engineering teams. You will identify application vulnerabilities, maintain software supply chain security, and drive tracking to satisfy strict regulatory compliance frameworks. You will also serve as a technical responder during security incidents, deploying real-time countermeasures to protect our software ecosystem.

Core responsibilities include:

• Performing periodic application security scanning activities and reviewing results to prioritise flaws based on CVSS scores, real-world exploitability, and system exposure.

• Tracking, documenting, and managing vulnerabilities according to strict compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS).

• Escalating and reporting critical exposures directly to the CISO and senior leadership.

• Maintaining dashboards and alerting mechanisms that visualise vulnerability status, risk trends, and compliance posture.

• Owning the organisation's Software Bill of Materials (SBOM) and continually updating SBOM inventories to ensure compliance with modern regulatory requirements and dependency tracking.

• Partnering with development teams to provide clear mitigation paths and reviewing, writing, and patching code directly when necessary to resolve security flaws.

• Configuring and tuning automated security testing tools within CI/CD pipelines to reduce false positives for engineering teams.

• Assisting Incident Response teams during active breaches or security incidents and helping develop and implement immediate, real-time code or infrastructure countermeasures.

Required skills and experience include:

• 5 years of experience in Application Security, DevSecOps, or Software Engineering roles.

• Solid foundational experience working in a software development capacity.

• Ability to read, understand, and safely patch security flaws in JavaScript/TypeScript, Python, and Go.

• Strong familiarity with build systems, package managers, and compilation workflows across multiple languages and frameworks.

• Hands-on experience operating SAST, SCA, and Secret Scanning tools (such as Snyk, Socket, Wiz Code, Semgrep, or Checkmarx).

• Understanding of how vulnerability management maps to security compliance frameworks like SOC 2, ISO 27001, or NIST.

We value systems thinking, technical influence, autonomy, and problem-solving mindset.