IT Security Application Analyst II

HCC Service Company, Kennesaw, GA
Hybrid

About The Position

The IT Security Application Analyst safeguards TMHCC’s enterprise applications by implementing and maintaining robust security controls and compliance measures. This role proactively identifies and mitigates vulnerabilities, manages access governance, and collaborates with IT and business teams to ensure secure, compliant, and resilient application environments across on-premises and cloud systems.

Requirements

  • 4 Year / Bachelor's in Computer Science, a related field, or the equivalent degree and/or experience
  • Ability to identify and assess the severity and potential impact of risks.
  • Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
  • Strong knowledge of the NIST cybersecurity framework
  • Possess and be able to apply broad knowledge of principles, practices, and procedures.
  • Thorough knowledge of industry accepted security architectures
  • Thorough knowledge of authentication and access systems
  • Able to effectively analyze risk within the context of business problems.
  • General multi-platform information security knowledge in cloud, networks, Windows, desktops, servers, and application systems
  • Working knowledge of information security tools for intrusion monitoring, filtering, event management, compliance management and vulnerability management
  • General knowledge of regulatory requirements such as SOC 2, Sarbanes-Oxley, Health Insurance Portability & Accountability Act (HIPAA), along with US data privacy laws
  • Experience in following system information security policies, standards, and procedures
  • Experience implementing security-related projects.
  • Excellent written and verbal communication skills with an emphasis on confidentiality, tact, and diplomacy
  • Exceptional organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
  • Knowledgeable of industry changes, legal updates, and technical developments related to the applicable area of the Company's business to proactively respond to changing business
  • Overtime hours may be required to fulfill job responsibilities
  • May be required to remain stationary for extended periods of time
  • May be required to move up to 10 pounds
  • Must be able to operate a computer and other devices
  • Close vision and ability to adjust focus, such as required to read a computer screen
  • Occasional travel up to 10%

Nice To Haves

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
  • Experience integrating security tools into CI/CD pipelines (e.g., GitHub Advanced Security, Veracode, Checkmarx, or similar).
  • Experience with vendor risk management and third-party software assessments.
  • Strong understanding of secure development frameworks (e.g., OWASP SAMM, NIST SP 800-218 SSDF).
  • Familiarity with threat modeling methodologies (STRIDE, PASTA).
  • Ability to translate complex security risks into actionable development requirements

Responsibilities

  • Partner with application development teams to embed security requirements and controls throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment.
  • Conduct security reviews of application architectures, design documents, and source code (e.g., static/dynamic analysis).
  • Conduct and/or review vendor application security assessments, penetration tests, and SOC 2 / ISO 27001 reports.
  • Define and enforce secure coding standards and practices in alignment with OWASP Top 10 and TMHCC policies.
  • Maintain and continuously improve the Application Security Policy, Secure Development Standards, and related procedures.
  • Evaluate and integrate security automation tools (SAST, DAST, SCA) within CI/CD pipelines.
  • Provide security training and guidance to developers to foster a security-first development culture.
  • Evaluate third-party software vendors for adherence to TMHCC’s security standards, including secure coding, vulnerability management, and data protection.
  • Collaborate with Procurement and Legal to embed security requirements and due diligence in contracts and service agreements.
  • Track and manage remediation of security issues identified in vendor solutions.
  • Develop key metrics and reporting for application and vendor security posture (e.g., vulnerability trends, remediation SLAs, risk acceptance tracking).
  • Participate in architecture review boards and change advisory processes to ensure secure-by-design principles are followed.

Benefits

  • Generous paid time off (PTO)
  • 12 paid company holidays
  • 401(k) Retirement Plan with 6% company match.
  • Health and dental insurance, and vision plan available.
  • Company-provided long-term disability and life insurance.
  • Opportunities for advancement in a successful and growing organization.
  • Flexible work schedules and a great work/life balance.
  • Paid Parental Leave.
  • Volunteer Time Off.
  • Enjoy casual dress and work in a modern, comfortable office with free parking.
  • Hybrid work schedule