Jobs · devitjobs
Information Security Engineer
Nimbus Data Systems · Posted 22d ago
About the role
Review and triage vulnerability submissions, validate technical accuracy, and assess severity for remediation.
Salary: $156000 - 176000 per year Requirements: We require 3 to 5 years of experience in information security, application security, or vulnerability management. We look for hands-on experience with vulnerability triage, validation, and prioritization. We need a strong grasp of application security fundamentals, secure development practices, and common risks such as the OWASP Top 10. We expect familiarity with vulnerability scanning outputs and tools, including SAST, SCA, and DAST. We need the ability to read and understand source code to verify vulnerabilities. We value experience with vulnerability management or tracking platforms, such as ticketing systems and dashboards. We require strong analytical judgment to evaluate exploitability and business risk. We look for excellent attention to detail and the ability to make well-supported decisions. We need effective verbal and written communication skills for technical, business, and leadership audiences. Experience working with distributed or offshore teams is preferred. Financial services industry experience is a plus. We require a bachelors degree in Computer Science, Information Security, or a related field, or equivalent practical experience. Responsibilities: We review and triage vulnerability submissions from external researchers through our disclosure and bug bounty programs. We validate technical accuracy, exploitability, and business impact. We assess severity using established scoring methods and program standards. We remove duplicates and close out invalid or non-actionable submissions. We classify vulnerabilities, assign remediation owners, and support centralized tracking workflows. We evaluate false positive requests from application teams. We analyze SAST and SCA findings and perform source code review when needed. We provide evidence-based decisions with clear supporting rationale. We help improve triage standards, playbooks, and operating procedures. We stay current on common application security weaknesses and emerging threats. We ensure our actions align with internal policies, standards, and regulatory expectations. We maintain defensible documentation and evidence for audits and reviews. We escalate high-risk or time-sensitive vulnerabilities when appropriate. We communicate findings, impact, and remediation guidance to stakeholders and partner with teams to drive timely resolution. Technologies: Support OWASP Security AI More: We are hiring a remote Information Security Engineer to support enterprise vulnerability management and application security operations. This is a W2 consulting opportunity with a benefits package that includes medical, dental, vision, a 401(k) with company match, and life insurance. The role is part of a structured, centralized security process focused on clear communication, defensible documentation, and coordinated remediation. We are a strategic consulting firm with nearly 40 years of experience helping organizations achieve more through technology, business advisory, and life sciences solutions. We are committed to building a diverse and inclusive team and offer a referral program for qualified candidate referrals. last updated 28 week of 2026
Read the full posting on devitjobs →
FAQ
Is the Information Security Engineer role at Nimbus Data Systems remote?+
This Information Security Engineer position is listed as onsite.
What is the salary for the Information Security Engineer role at Nimbus Data Systems?+
The listing states $156000 - 176000.
What seniority level is this Information Security Engineer role?+
This is a mid level position.
How do I apply for the Information Security Engineer role at Nimbus Data Systems?+
Use the "Apply on devitjobs" button to open the original posting on devitjobs, where you can submit your application directly to Nimbus Data Systems.