Application Security Analyst

Sound Physicians,
$75,000 - $110,000Remote

About The Position

The Application Security Analyst helps embed security into the software delivery lifecycle by partnering with development, platform, cloud, and security teams to build secure-by-default processes. This role focuses on reducing risk through automation, continuous testing, secure configuration, and practical guidance that enables teams to ship software quickly and safely. The ideal candidate possesses a strong understanding of application security principles, secure coding practices, cloud security controls, vulnerability management, and modern DevSecOps methodologies. The Details: Participation in the after-hours security incident response and on-call rotation is part of the role.

Requirements

  • Strong understanding of application security concepts, secure coding practices, and common attack vectors.
  • Knowledge of security testing methodologies including SAST, DAST, SCA, penetration testing, secret scanning, and IaC security assessments.
  • Familiarity with cloud platforms such as Azure and AWS.
  • Familiarity with CI/CD platforms such as Azure DevOps, GitHub Actions, GitLab CI, or Jenkins.
  • Knowledge of OWASP Top 10, OWASP API Security Top 10, MITRE ATT&CK, and NIST Cybersecurity Framework.
  • Experience with application security platforms such as Veracode, Checkmarx, Fortify, SonarQube, Snyk, Mend, Burp Suite, Rapid7 InsightAppSec, or similar tools.
  • Familiarity with scripting and automation using Python, Powershell, Bash, or similar languages.
  • Experience securing containerized applications and platforms (Docker, Kubernetes, OpenShift, AKS, EKS, or GKE), including container image scanning, runtime security monitoring, admission controls, and Kubernetes security best practices.
  • Knowledge of container technologies, source control workflows, and modern software delivery practices.
  • Familiarity with common static and dynamic application security tools.
  • Ability to analyze security findings, assess risk, and communicate remediation recommendations effectively to technical and non-technical stakeholders.
  • Familiarity with AI-assisted development processes and appropriate security controls.
  • Strong written and verbal communication skills.
  • Ability to translate technical issues into clear guidance and action plans
  • Knowledge of cloud-native security controls.
  • Familiarity with Kubernetes, Terraform, and similar Infrastructure-as-Code tools.
  • Familiarity with secrets management, PKI, certificate management, and cryptographic controls.
  • Knowledge of compliance frameworks such as NIST CSF, NIST 800-53, HIPAA, PCI DSS, SOC 2, ISO 27001, and HITRUST.
  • Bachelor’s degree in Computer Science, Information Security, or related field, with industry-recognized certifications such as CSSLP (Certified Secure Software Lifecycle Professional), GWAPT (GIAC Web Application Penetration Tester), OSWE (Offensive Security Web Expert), CEH (Certified Ethical Hacker)
  • 4+ years of experience in application security, DevOps, cloud security, security engineering, or a related cybersecurity role.
  • Experience supporting regulated environments such as healthcare, financial services, or other compliance-driven industries.

Nice To Haves

  • Knowledge of scripting and programming languages such as Python, PowerShell, Java, JavaScript, C#, or Go is highly desirable and considered a plus.

Responsibilities

  • Integrate security controls and automated checks into CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), secret scanning, container security scanning, and Infrastructure-as-Code (IaC) validation.
  • Partner with developers and platform engineers to identify, prioritize, and remediate application, API, container, and cloud security risks early in the development lifecycle.
  • Perform application security assessments, architecture reviews, and threat modeling exercises for new and existing applications.
  • Support vulnerability management by validating findings, reducing false positives, tracking remediation, and helping define risk-based service-level expectations.
  • Conduct secure code reviews and provide guidance on secure coding practices aligned with OWASP Top 10, CWE, and industry standards.
  • Perform security reviews for application architecture, deployment patterns, third-party components, and cloud configurations.
  • Develop and maintain secure pipeline standards, reusable guardrails, and policy-as-code checks that improve consistency without creating unnecessary delivery friction.
  • Collaborate with engineering, infrastructure, and security operations teams on incident response, root cause analysis, and hardening activities related to software delivery platforms.
  • Create and maintain documentation, standards, playbooks, and training materials related to application security, secure development, and DevSecOps practices.
  • Track vulnerability trends, security metrics, and recurring issues to improve security maturity across build, release, and runtime workflows.
  • Stay current on emerging threats, attack techniques, vulnerabilities, and security technologies relevant to application and cloud security.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • Health care and dependent care flexible spending account
  • 401(k) retirement savings plan with a company match
  • Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
  • Ten company-paid holidays per year
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service