Application Security Analyst

Ford Motor | Dearborn, MI
2d | Hybrid

About The Position

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves? The Ford Motor Credit Company team helps put people behind the wheels of great Ford and Lincoln vehicles. By partnering with dealerships, we provide financing, personalized service and professional expertise to thousands of dealers and millions of customers in over one hundred countries around the world.

In this role, you will have the opportunity to support the oversight and security validation of our current technology platform and new Zero Trust environment within the Google Cloud Platform (GCP). As a key member of our second line-of-defense (2LoD) security team, you will act as a collaborative partner to our development and operations teams. Your focus will be on providing independent technical review and vulnerability management expertise to ensure security is effectively embedded into the fabric of our applications. You will play a vital role in identifying risks and ensuring our systems remain "secure by design" through proactive monitoring and reporting. If you are a detail-oriented professional who is passionate about cloud security and wants to make a tangible impact on a strategic, multi-year program, this is the role for you.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience/internships).
  • 1–3 years of experience in an information security role (experience in application security or cloud security is a plus).
  • Foundational understanding of Google Cloud Platform (GCP) services and basic cloud security concepts.
  • Strong knowledge of common application vulnerabilities (e.g., OWASP Top 10).
  • Experience using vulnerability scanning or management tools (e.g., Cycode, Checkmarx, FOSSA).
  • Strong organizational skills with the ability to track multiple technical tasks and follow up on remediation.
  • Secure coding knowledge and techniques to provide developers with actionable guidance.
  • Proactive self-starter with a passion for continuous learning in the evolving cloud security landscape and a demonstrated ability to identify and address security gaps independently.
  • Good communication skills, with the ability to explain security risks to both technical and non-technical stakeholders.

Nice To Haves

  • Relevant Cyber Security certifications (e.g., CompTIA Security+, Google Cloud Digital Leader, ISC2)
  • Familiarity with Infrastructure as Code (IaC) security practices and tools (e.g., Terraform, Mondoo, Open Policy Agent).
  • Knowledge of common security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, GDPR).
  • Experience with security monitoring, logging, and alerting solutions in a cloud environment (e.g., GCP Security Command Center, Cloud Logging, Cloud Monitoring).
  • Experience with containerization (Docker) or CI/CD tools.

Responsibilities

  • Vulnerability Management & Triage: Assist in the administration of application vulnerability scanning tools (SAST, DAST, and SCA) within the GCP environment. Perform initial triage of vulnerability findings to remove false positives and determine risk priority. Track the status of open vulnerabilities and work with first-line teams to ensure timely remediation according to company policy. Generate regular reports on vulnerability trends and remediation progress for security leadership.
  • Second Line of Defense (2LoD) Oversight: Support the review and validation of security controls implemented by development teams to ensure they meet internal standards. Assist in conducting security risk assessments for new application features or cloud configurations. Help document and maintain security policies, standards, and procedures. Monitor compliance with security baselines and report on deviations within the GCP environment.
  • Application Security Support: Act as a point of contact for developers regarding basic security best practices and secure coding guidelines (e.g., OWASP Top 10). Participate in basic threat modeling sessions and security reviews for cloud-deployed applications. Support the integration of security checkpoints into CI/CD pipelines. Maintain and evolve our Security Advocate Program to integrate security within our development teams.
  • GCP Security Monitoring: Monitor GCP Security Command Center and other security logging tools for alerts or misconfigurations. Review Identity and Access Management (IAM) permissions to ensure the principle of least privilege is being followed. Assist in the verification of secure configurations for GCP services (e.g., GCS buckets, Cloud Functions, GKE).

Benefits

  • Immediate medical, dental, vision and prescription drug coverage
  • Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
  • Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
  • Vehicle discount program for employees and family members and management leases
  • Tuition assistance
  • Established and active employee resource groups
  • Paid time off for individual and team community service
  • A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
  • Paid time off and the option to purchase additional vacation time.