Overview
As an Application Security Engineer, you will be responsible for the operational backbone of the product security program, ensuring vulnerabilities are accurately identified, contextualized, triaged, and remediated across a global application and service portfolio. This role centers on hands-on vulnerability operations, security tooling ownership, and automation at scale. You will work closely with engineering, infrastructure, and product teams to maintain accurate asset inventories, drive remediation workflows, deliver meaningful metrics, and build automated processes that enhance the overall maturity of the security organization.
This role is ideal for an engineer with strong operational discipline, deep familiarity with application security tooling ecosystems (SAST, SCA, DAST, IaC, secrets scanning), and experience driving vulnerability management outcomes across large, distributed environments.
Responsibilities
- Perform vulnerability triage, validation, prioritization, and routing across SAST, SCA, DAST, IaC, secrets, and container scanning tools.
- Administer, tune, and maintain application security tooling ecosystems, ensuring full CI/CD integration and high-fidelity results.
- Create, track, and manage remediation tickets with engineering teams, enforcing SLAs and structured workflows.
- Maintain accurate application and service inventories, including classification by criticality, exposure, and data sensitivity.
- Contextualize vulnerabilities with business impact, exploitability, compensating controls, and asset risk profiles.
- Develop dashboards and metrics for vulnerability posture, aging, SLA compliance, and executive reporting.
- Conduct trend analysis to identify systemic issues, recurring vulnerabilities, and areas requiring structural improvements.
- Build automation and orchestration scripts to streamline triage, ticketing, enrichment, and reporting workflows.
Qualifications
Minimum Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience.
- 35+ years of experience in Application Security, Product Security, or Vulnerability Management.
- Direct hands-on experience with SAST, SCA, DAST, IaC, container security, or secrets scanning platforms.
- Strong understanding of vulnerability classes, CVSS scoring, and exploitability factors.
- Proficiency in scripting or programming languages (Python preferred; Go, JavaScript, or similar acceptable).
- Experience working with CI/CD systems and integrating security tools into developer workflows.
- Familiarity with cloud platforms (AWS, Azure, or GCP) and modern application architectures.
- Strong analytical, investigative, and problem-solving skills with a high attention to detail.
- Ability to work collaboratively in a fast-paced global engineering environment.
Preferred Qualifications
- Experience supporting large-scale, multi-business-unit vulnerability management programs.
- Expertise in Kubernetes, container security platforms, and cloud-native scanning tools.
- Experience building dashboards using tools such as PowerBI, Tableau, Grafana, or Looker.
- Knowledge of regulatory frameworks such as NIST CSF, ISO 27001, SOC 2, and EO 14028 requirements.
- Familiarity with software composition analysis, supply chain security, and SBOM management.
- Hands-on experience building security automation using APIs, webhooks, serverless functions, or workflow engines.
Security certifications such as GWAPT, GXPN, GCSA, CSSLP, OSCP, or equivalent.
Company Description
Waters Corporation (NYSE:WAT) is a global leader in analytical instruments, separations technologies, and software, serving the life, materials, food, and environmental sciences for over 65 years. Our Company helps ensure the efficacy of medicines, the safety of food and the purity of water, and the quality and sustainability of products used every day. In over 100 countries, our 7,600+ passionate employees collaborate with customers in laboratories, manufacturing sites, and hospitals to accelerate the benefits of pioneering science .
Diversity and inclusion are fundamental to our core values at Waters Corporation. It benefits our employees, our products, our customers and our community. Waters complies with all applicable federal, state, and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status, or any other characteristic protected by law. Waters is proud to be an equal opportunity workplace and is an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time.
