Application Security Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Management Information Systems, or a related field preferred; equivalent practical experience may also be considered.
• 0–3 years of experience in information security, technology risk, IT administration, application support, or a related field, with an interest in application security.
• Understanding of application security concepts such as access management, secure configuration, control validation, vulnerability identification, and remediation tracking.
• Familiarity with application risk assessments, user access reviews, third-party security reviews, or security control testing is preferred.
• Understanding of web applications, SaaS platforms, APIs, identity and access management, and common security risks affecting business applications.
• Strong analytical, organizational, and documentation skills, with the ability to communicate clearly and work collaboratively with application owners and business stakeholders.
• Ability to manage multiple tasks, follow defined processes, and contribute to practical, risk-based security improvements in a fast-paced environment.

Nice To Haves

• Experience supporting a financial services organization or other regulated environment is preferred but not required.
• Entry-level security or technology certifications such as Security+, ISC2 CC, or similar credentials are a plus.

Responsibilities

• Maintain and support application and AI registers to help ensure an accurate inventory of in-scope business applications.
• Lead the application risk assessment program to identify security risks, document findings, and support risk-based decision making.
• Validate application security controls and document control effectiveness, gaps, and recommended improvements.
• Govern the user access review (UARs) process for business applications and help validate appropriate access based on job responsibilities.
• Provide application configuration guidance to support secure deployment and ongoing management of business applications.
• Participate in third-party and vendor security reviews for applications, platforms, and related services.
• Partner with application owners and other stakeholders to track and support remediation of identified security issues.
• Contribute to lightweight threat modeling activities to identify likely threats, common weaknesses, and practical mitigation options.
• Support the broader information security program by documenting processes, maintaining records, and assisting with related security initiatives as assigned.
• Serve as a liaison between Information Security and development teams to support DevSecOps.
• Provide support across information security functions, including risk management, governance, security operations, and related initiatives, as required.

Benefits

• Health
• Vision
• Dental
• 401K
• ESOP
• 100% Tuition Assistance
• 4 weeks paid time off