Application Security Analyst

Stellantis
Auburn Hills, United States of America
2 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Intermediate

Job location

Auburn Hills, United States of America

Tech stack

HTML
Java
JavaScript
API
Agile Methodologies
Amazon Web Services (AWS)
Applications Architecture
Application Firewall
Automation of Tests
Azure
Bash
Burp Suite
C Sharp (Programming Language)
Mobile Application Development
Cloud Computing
Computer Programming
GitHub
Python
Open Web Application Security
Systems Development Life Cycle
Akamai
Secure Coding
Mobile Security
Software Engineering
SQL Databases
Web Applications
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Software Security
GitLab
Kubernetes
Information Technology
Cloudflare
Checkmarx
TeamCity
DDoS
DevSecOps
Docker
Jenkins
Static Application Security Testing
Vulnerability Analysis
Programming Languages
Dynamic Application Security Testing

Job description

This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.

Application Security & Testing

  • Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
  • Analyze vulnerabilities and recommend secure coding fixes
  • Demonstrate vulnerabilities to development teams
  • Drive remediation efforts to closure

DevSecOps & Tooling

  • Work within CI/CD pipelines using tools such as:
      • Jenkins, GitLab, GitHub Actions, TeamCity
      • Checkmarx, GitHub Advanced Security, Burp Suite
  • Integrate security controls into development workflows

WAF & Security Controls

  • Lead Web Application Firewall (WAF) deployment for new and existing apps
  • Implement application security policies, controls, and standards

Collaboration & Enablement

  • Partner with development, platform, and supplier teams
  • Provide clear remediation guidance
  • Train teams on secure coding and application security practices
  • Develop training materials

Assessment & Reporting

  • Conduct security assessments using standard tools
  • Track and report:
      • Risks
      • Milestones
      • Deliverables
      • Status updates
  • Recommend strategies based on application risk posture

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or related field
  • 3+ years of hands-on experience in application security, security testing, and DevSecOps
  • Strong understanding of:
      • Application architectures (web, mobile, APIs)
      • Software development methodologies (Agile, SDLC)
      • Modern programming languages (Java, C#, Python)
  • Experience performing and interpreting results from:
      • SAST, DAST, IAST, SCA, and mobile security testing tools
  • Hands-on experience with secure code review in common languages (Java, C#, Python preferred)
  • Prior background in application development, including:
      • Compiled code
      • Web applications / services
      • Mobile app development
  • Knowledge of security frameworks and standards:
      • NIST, ISO 27001
      • NIST SSDF or similar secure development frameworks
  • Strong understanding of:
      • OWASP Top 10 vulnerabilities and mitigation techniques
      • Common attack vectors (web exploits, DDoS, bot attacks)
  • Experience with WAF technologies:
      • Akamai, Cloudflare, AWS WAF, Azure Front Door
  • Familiarity with cloud platforms and modern environments:
      • AWS, Azure, GCP
      • Containers (Docker, Kubernetes)
  • Working knowledge of:
      • Programming/scripting: Java, JavaScript, SQL, HTML
      • Scripting languages (Python, Bash preferred)
  • Strong analytical, problem-solving, and communication skills
  • Ability to explain technical risks to non-technical audiences
  • Experience writing security reports and documentation
  • Ability to work independently and cross-functionally

Preferred Qualifications:

  • Industry certifications:
      • GIAC GWEB
      • ISC2 CSSLP
      • EC-Council CASE
      • Or equivalent AppSec certifications
