[Hiring] Application Security Engineer @SOLVENTUM

Role Description

As an Application Security Engineer at Solventum, you will:

• Join a team of cybersecurity professionals motivated to secure Solventum's healthcare information systems and the personal health information of our clients and their patients.
• Operate and enhance application security tool environments.
• Author automation scripts for recurring tasks (Python preferred).
• Setup and execute authenticated and unauthenticated dynamic application security testing (DAST) scans against web applications and APIs using approved tools.
• Manage scan scheduling, configuration, and coverage across application security tool environments.
• Tune scanning profiles to reduce false positives and improve detection accuracy.
• Ensure DAST scanning aligns with release cycles and risk-based scanning requirements.
• Validate DAST findings to confirm exploitability and business impact.
• Categorize vulnerabilities using industry standards (e.g., OWASP Top 10).
• Prioritize findings based on risk, application criticality, and exposure.
• Eliminate false positives and duplicate findings prior to developer handoff.
• Partner with development and platform teams to explain DAST findings and remediation expectations.
• Track remediation progress and verify fixes through re-scanning or targeted validation.
• Maintain accurate vulnerability records in enterprise tracking systems.
• Escalate overdue or high-risk vulnerabilities in accordance with policy.
• Work with application teams to validate that software applications meet security guidelines and compliance standards such as HIPAA, SOC II, GDPR, NIST 800-53, FedRAMP, etc.
• Build solutions that collect and present vulnerability and compliance data to Solventum’s leadership.

Qualifications

• Bachelor’s Degree & 7 years of experience in application security.
• 3 years' experience administering, running, and analyzing DAST tools.
• Knowledgeable with AWS or Azure cloud environments.
• Familiarity with best practice software security requirements in industry standard compliance programs (NIST, HITRUST, FedRAMP, etc.).
• Experience developing or testing RESTful APIs with an understanding of Postman and/or Swagger files.
• Ability to obtain and maintain a Public Trust clearance.

Requirements

• Experience administering Qualys or Tenable vulnerability management and application security modules.
• Experience in working across multiple teams and disciplines.
• Strong attention to detail and analytical skills.
• Risk-based prioritization and sound judgment.

Benefits

• Competitive pay and benefits.
• Medical, Dental & Vision coverage.
• Health Savings Accounts.
• Health Care & Dependent Care Flexible Spending Accounts.
• Disability Benefits.
• Life Insurance.
• Voluntary Benefits.
• Paid Absences.
• Retirement Benefits.