InfoSec L2 VM (App) Security Engineer

POSITION RESPONSIBILITIES

Percent of Time

Conduct security testing and vulnerability assessments for various applications, including web applications, mobile apps, business systems, and APIs.

Assist in the identification, analysis, and prioritization of vulnerabilities, ensuring timely and effective remediation in collaboration with development teams.

Support the development and execution of secure coding practices and application security guidelines.

Monitor and interpret vulnerability scanning results to identify trends, root causes, and systemic risks, providing actionable insights to stakeholders.

Collaborate with the wider Vulnerability Management team and other stakeholders to maintain and improve security processes and tools.

Stay updated on emerging threats, vulnerabilities, and industry best practices to enhance testing methodologies and overall security strategies.

Create and maintain detailed documentation and reports to track security metrics and demonstrate compliance with applicable standards.

100%

ORGANIZATIONAL RELATIONSHIPS

The Analyst will work closely with the Vulnerability Management Application Security Engineer and the onshore vulnerability management team to execute security testing initiatives.

This role will also collaborate with:

Application Development teams to address vulnerabilities and implement secure coding practices.

Cloud and Application Security teams to align on strategy and processes.

Other stakeholders within the Zoetis Tech & Digital (ZTD) organization to support vulnerability remediation efforts.

EDUCATION AND EXPERIENCE

Education

University Degree in Computer Science or Information Systems is required

MS or advanced identity courses or other applicable certifications is desirable, including:

o Certified Information Systems Security Professional (CISSP)

Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred

Experience

A minimum of 4+ years of relevant experience with a strong background in vulnerability management and security engineering.

2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.

Experience working with global teams across multiple time zones.

.

TECHNICAL SKILLS REQUIREMENTS

Hands-on experience in application security assessments, penetration testing, or secure development practices.

Proficiency with application security and vulnerability scanning tools, such as Burp Suite, Veracode, and HCL AppScan.

Knowledge of web application, mobile app, and API penetration testing methodologies.

Familiarity with the Software Development Lifecycle (SDLC), secure coding practices, and application development processes.

Understanding of application security vulnerabilities (e.g., OWASP Top 10), security frameworks (e.g., NIST), and risk mitigation strategies.

Experience working with cloud platforms such as AWS and Azure is desirable.

Strong analytical skills and a detail-oriented approach to identifying and addressing vulnerabilities.

Excellent verbal and written communication skills to create reports and collaborate with internal teams.

Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS

Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)

• Full time