Security Vulnerability Remediation Analyst

Job Details:

Job Title: Security Vulnerability Remediation Analyst

Duration: Contract (On the Payroll of Datum Technology Group)

Location: Chennai || Mumbai || Gurugram

Interview Process: Virtual (2 Rounds) + 1 Technical screening.

Key Responsibilities

Vulnerability Triage:

• Review findings from scanning tools (Burp Suite, ZAP, Mend, Snyk, JFrog XRay, Wiz, Qualys).
• Validate severity and exploitability, prioritising overdue medium vulnerabilities. Confirm whether the finding is a true positive or false positive.

False Positive Handling:

• Document justification for false positives (e.g., scan logs, GitHub issue link).
• Submit exception requests via approved workflows:
• GitHub Exception Templates for Mend, Snyk, Xray email the security team for unresolved cases route Wiz false positives to the Security Platforms team for backend review.

Remediation Coordination:

• For confirmed vulnerabilities, create a Jira ticket in the correct team backlog.
• Include vulnerability alert details, scanning source reference, and recommended remediation steps.
• Link the Jira ticket to the original vulnerability alert for traceability.
• Following sufficient progress is made triaging vulnerabilities, proceed to fix those that require a development change.

Reporting & Governance:

• Maintain accurate records of triage decisions and false positive justifications.
• Provide weekly updates on backlog reduction progress.
• Ensure compliance with Risk Vulnerability Management Standards.

Required Skills & Experience

• Strong understanding of application security principles and vulnerability types.
• Experience developing web applications, preferably in a PHP / MySQL environment.
• Hands-on experience with DAST, SAST, SCA, CSPM, and infrastructure scanning tools.
• Familiarity with Jira and GitHub workflows for issue tracking and exception handling.
• Ability to analyse scan results and differentiate between true positives and false positives.
• Excellent communication skills for cross-team collaboration.

Performance Metrics

• Reduction of medium vulnerabilities
• Timely triage and accurate classification of findings.
• Compliance with InfoSec standards and exception approval processes.