Application Security Analyst

Ford, Dearborn, MI
3d

About The Position

Vulnerability Management & Triage: Assist in the administration of application vulnerability scanning tools (SAST, DAST, and SCA) within the GCP environment. Perform initial triage of vulnerability findings to remove false positives and determine risk priority. Track the status of open vulnerabilities and work with first-line teams to ensure timely remediation according to company policy. Generate regular reports on vulnerability trends and remediation progress for security leadership. Support the review and validation of security controls implemented by development teams to ensure they meet internal standards. Assist in conducting security risk assessments for new application features or cloud configurations. Participate in basic threat modeling sessions and security reviews for cloud-deployed applications. Support the integration of security checkpoints into CI/CD pipelines. Assist in the verification of secure configurations for GCP services (e.g., GCS buckets, Cloud Functions, GKE).

Established and active employee resource groups.

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience/internships).
  • 1-3 years of experience in an information security role (experience in application security or cloud security is a plus).
  • Foundational understanding of Google Cloud Platform (GCP) services and basic cloud security concepts.
  • Strong knowledge of common application vulnerabilities (e.g., OWASP Top 10).
  • Experience using vulnerability scanning or management tools (e.g., Cycode, Checkmarx, FOSSA).
  • Strong organizational skills with the ability to track multiple technical tasks and follow up on remediation.
  • Secure coding knowledge and techniques to provide developers with actionable guidance.
  • Proactive self-starter with a passion for continuous learning in the evolving cloud security landscape and a demonstrated ability to identify and address security gaps independently.
  • Good communication skills, with the ability to explain security risks to both technical and non-technical stakeholders.

Nice To Haves

  • Relevant cybersecurity certifications (e.g., CompTIA Security+, Google Cloud Digital Leader, ISC2).
  • Familiarity with Infrastructure as Code (IaC) security practices and tools (e.g., Terraform, Mondoo, Open Policy Agent).
  • Knowledge of common security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, GDPR).
  • Experience with security monitoring, logging, and alerting solutions in a cloud environment (e.g., GCP Security Command Center, Cloud Logging, Cloud Monitoring).
  • Experience with containerization (Docker) or CI/CD tools.

Responsibilities

  • Assist in the administration of application vulnerability scanning tools (SAST, DAST, and SCA) within the GCP environment.
  • Perform initial triage of vulnerability findings to remove false positives and determine risk priority.
  • Track the status of open vulnerabilities and work with first-line teams to ensure timely remediation according to company policy.
  • Generate regular reports on vulnerability trends and remediation progress for security leadership.
  • Support the review and validation of security controls implemented by development teams to ensure they meet internal standards.
  • Assist in conducting security risk assessments for new application features or cloud configurations.
  • Participate in basic threat modeling sessions and security reviews for cloud-deployed applications.
  • Support the integration of security checkpoints into CI/CD pipelines.
  • Assist in the verification of secure configurations for GCP services (e.g., GCS buckets, Cloud Functions, GKE).