Principal Application Security Engineer (Vulnerability Management)

About the job

About Us

• Design, implement, and lead the Vulnerability Management program, ensuring vulnerabilities (across infrastructure and applications) are continuously identified, risk assessed, and remediated in alignment with Diligents Vulnerability Management Standard and timelines.
• Provide technical leadership and mentorship to application security engineers and other stakeholders involved in secure software development.
• Drive collaboration with Engineering to ensure timely application of security patches and mitigation of vulnerabilities, including clear escalation paths, exception management, and compliance reporting.
• Influence engineering practices and culture by developing and advocating secure coding standards, response runbooks, and risk-based remediation guidance.
• Serve as a primary escalation point for complex vulnerability management issues and customer or audit inquiries related to application security.
• Participate actively in risk evaluation, prioritization, remediation planning, and exception handling processes for high-risk vulnerabilities.
• Liaising with cross-functional partners to strengthen overall security posture.
  

Required Experience And Skills

• Bachelors degree in Computer Science or related discipline
• Minimum 10 years of professional experience in application design, development, and security for web and mobile applications.
• Excellent knowledge of security concepts related to Internet technologies, architectures, and protocols, as well as application software security concepts. This includes extensive experience in mitigating vulnerabilities
• Deep understanding of vulnerability management frameworks and security best practices (e.g., asset inventory, vulnerability assessment and scanning, patch management, risk/timeline evaluation, remediation, and exception handling).
• Proven experience designing, implementing, and refining vulnerability lifecycle processes, including asset inventory management, vulnerability identification, risk validation, prioritization, remediation tracking, verification, and exception handling.
• Advanced communication skills, with demonstrated ability to coordinate across engineering, operations, risk management, audit, compliance, and executive teams to ensure timely vulnerability remediation and alignment with business objectives.
• Development experience in one or more of: .NET, Javascript, C#, and/or mobile application frameworks.
• Professional certification in Application Security or Penetration Testing (e.g., CISSP, CSSLP, GSSP-x, CEH, GPEN, GWAPT, GMOB, Security+).
• Familiarity with security standards and frameworks relevant to SaaS and cloud (e.g., ISO, NIST, CSA).
  

Preferred Experience And Skills

• Demonstrated leadership in application security, including helping set strategic direction, influencing day-to-day practices, assigning technical priorities, and fostering a collaborative, high-performing environment.
• Experience developing and presenting program metrics, dashboards, and risk reports to both technical and non-technical stakeholders, utilizing tools such as JIRA, ServiceNow, or other workflow management solutions.
  

What Diligent Offers You

• Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
• We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
• We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
• Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.