Vulnerability Engineer

Summary

Join ARC Group as a Cybersecurity Engineer in a fully remote position, working Eastern Time zone business hours. This contract role, extending through December 2025 with potential for extension or conversion to full-time employment, offers significant career growth within a well-respected organization. The position focuses on web application security, threat protection, and vulnerability analysis. You will play a key role in implementing and managing security systems, analyzing vulnerabilities, and collaborating with development teams to ensure the organization's web applications and data remain secure. This is a fantastic opportunity to contribute to a diverse and inclusive workplace.

Requirements

• 4+ years of experience in vulnerability management, with a strong understanding of web application vulnerabilities and remediation methods
• Experience with application vulnerability scanning software and/or platforms such as HCL AppScan, BurpSuite, Zed Attack Proxy, Nessus, etc
• Excellent problem-solving skills, with the ability to analyze complex technical issues and develop creative solutions
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams
• Experience with web application security testing and vulnerability management
• 4+ years related work experience (at least 4 years Cybersecurity / 1 year Infrastructure/Development)
• SSCP (or greater) certification required within 180 days of hire

Responsibilities

• Implement and manage web application firewalls (WAFs) and bot protection systems to detect and prevent malicious traffic and attacks
• Manage vulnerability scanning tools and technologies to identify and remediate vulnerabilities in web applications and systems
• Develop and maintain policies and procedures for web application security, including WAF configuration, bot protection, and vulnerability management
• Collaborate with cross-functional teams to ensure WAFs and bot protection systems are integrated with other security systems and applications
• Develop and maintain documentation for WAFs and bot protection systems, including technical guides, policies, and procedures
• Provide training and support to other teams regarding vulnerability findings and remediation
• Stay up-to-date with industry trends and emerging threats, and recommend improvements to web application security infrastructure and systems
• Perform vulnerability management for web applications, including: Dynamic scanning using tools such as HCL AppScan and/or Burp Suite
• Static scanning throughout the development lifecycle
• Identifying and prioritizing vulnerabilities based on risk and impact
• Collaborating with development teams to remediate vulnerabilities and implement secure coding practices
• Conducting regular web application security testing and providing recommendations for improvement

Preferred Qualifications

• Experience with F5 web application firewalls
• Knowledge of scripting languages, such as PowerShell or Python
• Experience with agile development methodologies and DevOps practices