Senior Application Security Analyst, VP

Citi•Irving, TX

About The Position

Perform static application security testing (SAST) and manual source code reviews (Java-focused) to identify vulnerabilities, malicious code, and hardcoded secrets. Review and validate automated scan results, prioritize remediation based on risk, and provide actionable guidance. Develop custom detection rules for secrets and malicious code. Collaborate with development teams to ensure timely remediation and promote secure coding and secrets management best practices. Design and implement AI/ML-driven utilities to enhance code analysis and automate detection of secrets and vulnerabilities. Prepare formal security assessment reports using standard templates. Research emerging threats, tools, and methodologies to continuously improve detection capabilities. Mentor junior team members and contribute to knowledge sharing within the security organization.

Requirements

6+ years of experience in secure software development, or SAST
Strong understanding of application security principles, common vulnerabilities (OWASP Top 10, CWE), and secure coding practices.
Hands-on development experience in Java/J2EE (required); experience with other enterprise languages such as C#, .NET, Python, or JavaScript is a plus.
Familiarity with DevSecOps practices, CI/CD pipelines, and integrating security tools into the SDLC.
Experience with SAST tools (e.g., Fortify, Checkmarx) and manual code review techniques.
Knowledge of secrets management best practices and detection tools.
Exposure to AI/ML concepts for security automation is a plus.
Bachelor's degree or equivalent experience in Computer Science, Information Security, or a related field.
Secrets Scanning and secrets management best practices
DevSecOps principles and CI/CD integration
AI/ML skills for security automation
Experience with .NET, Python, or other enterprise languages
Familiarity with security tools such as Fortify, Snyk, Burp Suite

Nice To Haves

Preferred Certifications: CSSLP, GIAC (GSSP or GWEB), or equivalent secure coding credentials.
OWASP or SANS secure coding training is a plus.
Knowledge of DAST (Dynamic Application Security Testing) is a plus

Responsibilities

Perform static application security testing (SAST) and manual source code reviews (Java-focused) to identify vulnerabilities, malicious code, and hardcoded secrets.
Review and validate automated scan results, prioritize remediation based on risk, and provide actionable guidance.
Develop custom detection rules for secrets and malicious code.
Collaborate with development teams to ensure timely remediation and promote secure coding and secrets management best practices.
Design and implement AI/ML-driven utilities to enhance code analysis and automate detection of secrets and vulnerabilities.
Prepare formal security assessment reports using standard templates.
Research emerging threats, tools, and methodologies to continuously improve detection capabilities.
Mentor junior team members and contribute to knowledge sharing within the security organization.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume