JOBSEARCHER

W2 Contract || Vulnerability Management || Somerset, NJ || (Day-1-Onsite)

Job Title: Vulnerability Management
Location: Somerset, NJ (Onsite)

Look for profiles with vulnerability management, Rapid7, Qualys, Attack Surface Management, OWASP ZAP, Burp Suite etc.

Job Description

We are seeking a technically strong Vulnerability Management Analyst / Engineer to lead vulnerability identification, prioritization, and remediation across infrastructure, web applications, and cloud environments. This role combines hands-on scanning, threat-informed prioritization, and cross-functional remediation coordination to reduce risk and improve time to remediation.

Experience

5+ years of vulnerability management, application security, or penetration testing experience preferred.

Required Skills

- 5+ years of experience in Vulnerability Management, Application Security, or Penetration Testing
- Hands-on experience with:
  - Qualys VMDR
  - Rapid7 InsightVM
  - Tenable / Nessus
  - Wiz
  - Burp Suite
  - OWASP ZAP
  - Veracode
  - Checkmarx
  - InsightAppSec
- Strong understanding of:
  - Vulnerability Management Lifecycle
  - Attack Surface Management (ASM)
  - Web Application Security
  - DAST Testing
  - OWASP Top 10
  - SANS Top 25
  - CVSS, EPSS, and CISA KEV
- Experience performing manual validation of vulnerabilities including:
  - SQL Injection (SQLi)
  - Cross-Site Scripting (XSS)
  - CSRF
  - SSRF
  - IDOR
  - Authentication Bypass
- Experience with cloud security across AWS, Azure, and GCP
- Strong scripting experience with Python, PowerShell, or Bash
- Experience with vulnerability remediation tracking, reporting, and executive dashboards

Preferred Qualifications

- OSCP, GWAPT, CEH, CSSLP, or equivalent certifications
- Experience with penetration testing and application security assessments
- Knowledge of PCI-DSS, NIST, CIS Controls, ISO 27001, HIPAA, and GDPR
- Experience with external attack surface monitoring and exposure management tools such as Shodan, SecurityScorecard, BitSight, and SSLScan
- Experience with container security and CI/CD security integrations

Responsibilities

- Manage the end-to-end vulnerability management lifecycle
- Conduct vulnerability assessments across infrastructure, cloud, applications, and web environments
- Perform DAST and manual web application security testing
- Prioritize vulnerabilities using CVSS, EPSS, threat intelligence, and business impact
- Partner with Infrastructure, DevOps, Engineering, and Security teams to drive remediation
- Develop executive-level risk and remediation reporting
- Respond to critical and zero-day vulnerabilities
- Improve vulnerability management processes and security posture across the organization

Keywords

Vulnerability Management, Attack Surface Management, ASM, Qualys, Rapid7, InsightVM, Tenable, Nessus, Wiz, Burp Suite, OWASP ZAP, Veracode, Checkmarx, InsightAppSec, DAST, Application Security, Web Security, Cloud Security, AWS, Azure, GCP, CVSS, EPSS, CISA, Python, Penetration Testing, OWASP Top 10.