[Remote] Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. Solventum is a new healthcare company focused on improving lives through innovative solutions. They are looking for an Application Security Engineer to enhance the security of their healthcare information systems and manage vulnerabilities in applications, ensuring compliance with industry standards.

Responsibilities

• Operating and enhancing application security tool environments
• Authoring automation scripts for reoccurring tasks (Python preferred)
• Setup and execute authenticated and unauthenticated dynamic application security testing (DAST) scans against web applications and APIs using approved tools
• Manage scan scheduling, configuration, and coverage across application security tool environments
• Tune scanning profiles to reduce false positives and improve detection accuracy
• Ensure DAST scanning aligns with release cycles and risk-based scanning requirements
• Validate DAST findings to confirm exploitability and business impact
• Categorize vulnerabilities using industry standards (e.g., OWASP Top 10)
• Prioritize findings based on risk, application criticality, and exposure
• Eliminate false positives and duplicate findings prior to developer handoff
• Partner with development and platform teams to explain DAST findings and remediation expectations
• Track remediation progress and verify fixes through re‑scanning or targeted validation
• Maintain accurate vulnerability records in enterprise tracking systems
• Escalate overdue or high‑risk vulnerabilities in accordance with policy
• Working with application teams to validate that software applications meet security guidelines and compliance standards such as HIPPA, SOC II, GDPR, NIST 800-53, FedRAMP, etc
• Building solutions that collect and present vulnerability and compliance data to Solventum’s leadership

Skills

• Bachelor's Degree & 7 years of experience application security
• 3 years' experience administering, running, and analyzing DAST tools
• Knowledgeable with AWS or Azure cloud environments
• Familiarity with best practice software security requirements in industry standard compliance programs (NIST, HITRUST, FedRAMP, etc.)
• Experience developing or testing RESTful APIs with an understanding of Postman and/or Swagger files
• Ability to obtain and maintain a Public Trust clearance
• Experience administering Qualys or Tenable vulnerability management and application security modules
• Experience in working across multiple teams and disciplines
• Strong attention to detail and analytical skills
• Risk-based prioritization and sound judgment

Benefits

• Medical, Dental & Vision
• Health Savings Accounts
• Health Care & Dependent Care Flexible Spending Accounts
• Disability Benefits
• Life Insurance
• Voluntary Benefits
• Paid Absences and Retirement Benefits
• Travel arrangements and related expenses will be coordinated and paid for by the company in accordance with its travel policy. Applies to new hires with a start date of October 1st 2025 or later.

Company Overview