Senior Application Security Analyst

Purolator
Mississauga, ON
Onsite

About The Position

Purolator is one of Canada’s leading integrated freight, package, and logistics solutions providers, delivering dependable service to customers across the country. Security is a core enabler of Purolator’s digital and operational strategy. The Information Security Office partners closely with technology and business teams to protect Purolator’s systems, data, and customers while enabling innovation and secure delivery at scale.

The Senior Application Security Analyst is responsible for embedding security into the software development lifecycle (SDLC) by partnering closely with application and engineering teams. This role focuses on identifying, assessing, and reducing application and API security risk through threat modeling, secure design reviews, vulnerability management, and the operationalization of application security controls. The successful candidate will act as a subject matter expert for application security, providing hands‑on guidance to development teams while helping mature secure development practices across the enterprise.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
  • 5+ years of progressive experience in application security, secure software development, or product security
  • Strong understanding of web and API technologies (HTTP/S, REST, JSON, OAuth, OpenID Connect, SAML)
  • Hands‑on experience with application security testing tools (SAST, SCA, DAST, secret scanning)
  • Solid knowledge of OWASP Top 10, threat modeling methodologies, and secure coding principles
  • Strong analytical, problem‑solving, and communication skills, with the ability to explain security risks to both technical and non‑technical audiences
  • Exceptional interpersonal skills and a proven ability to flourish in a fast-paced environment.
  • Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
  • Eligible to obtain a Reliability Security Clearance.
  • Proficiency in English is required for this position due to the frequent communications that must be conducted in English with various stakeholders.

Nice To Haves

  • Experience securing cloud‑native applications in AWS and/or Azure environments
  • Familiarity with API gateways, WAFs, and runtime protection controls
  • Experience working in agile or DevOps delivery environments
  • Relevant security certifications (e.g., CSSLP, GWAPT, GWEB, CISSP, OSCP)
  • Strong knowledge of one or more modern programming languages (e.g., Python, Java, C++, JavaScript)

Responsibilities

  • Perform application and API security assessments, including design reviews, threat modeling, and architecture reviews, in alignment with enterprise application security standards
  • Identify security risks across custom‑built, SaaS, and third‑party applications and work with application owners to define practical remediation plans
  • Review authentication, authorization, data handling, and integration patterns to ensure secure‑by-design implementations
  • Embed security requirements and controls early in the SDLC (“shift left”) by working directly with development and delivery teams
  • Support the integration and tuning of Static Application Security Testing (SAST), Software Composition Analysis (SCA), secret scanning, Dynamic Application Security Testing (DAST) and other application security tooling within CI/CD pipelines
  • Provide secure coding guidance and recommendations based on OWASP Top 10 and industry best practices
  • Develop and maintain clear, reusable documentation and standardized frameworks to enable consistent adoption of application security practices across teams
  • Triage and assess application security findings from automated tools, penetration tests, and manual reviews
  • Partner with application teams to prioritize remediation based on risk, exploitability, and business impact
  • Act as a trusted security advisor to application owners, architects, and developers
  • Contribute to the development and maintenance of application security standards, patterns, and guidance documentation
  • Support third‑party assessments and security reviews for externally developed or hosted applications
  • Identify opportunities to improve application security processes, tooling, and governance
  • Stay current with emerging application security threats, vulnerabilities, and defensive techniques

Benefits

  • Accommodations during the recruitment process upon request.