About Persistent:
We are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what’s next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world including 14 of the 30 most innovative US companies, 80% of the largest banks in the US and India, and numerous innovators across the healthcare ecosystem.
About Position and details:
- Role: Application Security & Vulnerability Analyst
- Location: Harbour Exchange Square, London
- Mode: Hybrid (2 to 3 days in office)
- Experience: 6 to 15 years
- Job Type: Permanent role
We are looking for a proactive and detail-oriented Open-Source Vulnerability Management Specialist to join our team. This role will coordinate closely with the Security team, Application Development teams, and Infrastructure teams to ensure timely remediation of vulnerabilities — with a strong focus on open-source components, packages, and libraries at application and OS level.
Responsibilities:
- Coordinate with the Security team to review and interpret vulnerability scan reports.
- Track identified vulnerabilities in Jira and create/link related remediation tasks.
- Liaise with Application Development, Unix/Windows Infrastructure, and Engineering teams to drive remediation activities.
- Understand open-source software (OSS) components, packages, and dependencies used by development teams and assist in planning upgrades or replacements.
- Maintain and update the Software Bill of Materials (SBOM) for relevant applications and projects, tracking binaries, jars, and packages for EOL/EOS status.
- Link vulnerabilities to remediation tasks in Jira and track status to closure.
- Participate in calls with cross-functional teams to align remediation timelines, impact, and priorities.
- Monitor and report on remediation progress — what has been resolved, what is pending, and what is planned.
- Identify opportunities to automate repetitive tasks in vulnerability tracking and reporting.
- Support the Application Development team in assessing the impact of vulnerability fixes on their codebase.
- Stay updated on common vulnerabilities, attack vectors, and security best practices for open-source libraries.
Required Skills & Qualifications:
- Basic understanding of common vulnerabilities and attack vectors, especially in open-source components.
- Familiarity with dependency management tools and OSS packages for Java/Python/Node.js/.NET or similar.
- Experience with ticketing/workflow tools: Jira, ServiceNow, or equivalent.
- Ability to conduct risk assessments and prioritize vulnerabilities effectively.
- Ability to interpret vulnerability scan reports and translate them into actionable remediation steps.
- Knowledge of SBOM (Software Bill of Materials) concepts and practices.
- Strong coordination and collaboration skills — able to work across Security, Development, and Infrastructure teams.
- Good communication and documentation skills.
- Ability to automate tasks using scripts or simple tools (e.g., Python, Bash, Jenkins).
- Monitor remediation progress and ensure vulnerabilities are addressed in a timely manner by coordinating with Security teams.
- Basic knowledge of package managers, e.g., npm, pip, Maven, Gradle, Yarn.
- Python, Shell scripting, or using tools like Jenkins for automating repetitive reporting or scanning tasks.
- Familiarity with SBOM standards and concepts.
- Threat modeling mindset.
Let’s unleash your full potential at Persistent - persistent.com/careers.
“Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind.”