Job Description
Key Responsibilities
Exception Review & Risk Assessment
- Review and assess security exception requests for compliance with Enterprise Vulnerability standards and supporting policies.
- Validate business justifications, compensating controls, and risk responses (Mitigate, Accept, Transfer, Avoid).
- Ensure exceptions align with the Exceptions Management Program and include required documentation and leadership approvals.
- Challenge insufficient or unjustified exceptions, prioritizing remediation over risk acceptance.
Vulnerability Governance & Remediation Oversight
- Monitor and track critical and high vulnerabilities across application and infrastructure portfolios.
- Enforce remediation timelines in accordance with defined Service Level Objectives (SLOs).
- Ensure vulnerabilities exceeding SLOs are either remediated or formally documented via approved exceptions.
- Validate remediation through coordination with security tooling, rescans, or evidence-based confirmation.
Stakeholder Engagement & Reach-Out
- Proactively engage application and platform owners with critical risk exposure or past-due vulnerabilities.
- Communicate risk clearly, including exploitability, business impact, and compliance implications.
- Drive accountability through follow-ups, escalation paths, and alignment with leadership where required.
- Support application teams in understanding remediation options and security requirements.
Security Tooling & Data Analysis
- Leverage results from enterprise security tools (e.g., SAST, DAST, SCA, IRIS, Tenable, API security tools) to identify and track vulnerabilities.
- Analyze risk metrics, dashboards, and reports (e.g., Application Health, vulnerability reports) to prioritize actions.
- Correlate findings across tools to identify systemic risk patterns and recurring issues.
Policy & Standards Alignment
- Ensure adherence to:
- Application Security Policy
- Enterprise Vulnerability Standard
- Application Vulnerability Management Procedure
- Interpret and translate policy requirements into actionable guidance for engineering teams.
- Identify gaps or non-compliance and recommend corrective actions.
Continuous Threat Exposure Management (CTEM) Support
- Contribute to continuous risk identification, prioritization, and validation efforts.
- Support risk-based prioritization using exploitability, asset criticality, and exposure context.
- Assist in reducing attack surface and improving overall security posture.
Required Qualifications
Technical & Security Expertise
- Strong understanding of:
- Application Security (OWASP Top 10, secure coding practices)
- Vulnerability management lifecycle and risk-based prioritization
- Security testing methodologies (SAST, DAST, SCA, API security)
- Familiarity with enterprise security tools and platforms
- Ability to interpret vulnerability data, CVSS scoring, and exploitability context.
Risk & Governance Knowledge
- Experience with security exceptions management and risk acceptance processes.
- Understanding of SLO-driven remediation and escalation models.
- Ability to assess compensating controls and residual risk.
Communication & Stakeholder Management
- Ability to engage technical and non-technical stakeholders effectively.
- Strong written and verbal communication skills for risk articulation and escalation.
- Experience driving remediation through influence rather than authority.
Responsibilities
Key Success Metrics
- Reduction in critical/high vulnerabilities past SLO
- Decrease in exception volume and aging exceptions
- Improved application security posture
- Timely engagement and remediation outcomes with application teams
- Quality and completeness of exception reviews and risk assessments
Role Positioning
This role is not a passive reviewer. It is an active risk driver responsible for:
- Enforcing security standards
- Driving remediation outcomes
- Preventing misuse of exceptions as a substitute for fixing risk
Qualifications
Preferred Qualifications
- Experience within financial services or highly regulated environments.
- Familiarity with Enterprise Vulnerability Management or similar enterprise security frameworks.
- Exposure to CTEM practices and risk-based security operations.
- Experience working with cloud, APIs, or distributed systems.
About Us
At Zensar, we're
experience-led everything. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose:
Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is
ONE with Client - a set of four core values that reflect who we are and how we work:
One Zensar, Nurturing, Empowering, and Client Focus.
Part of the $4.8 billion RPG Group, we're a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself.
We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.
