[8PP] Senior Security Analyst - AI & Application Security

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience.
• At least 5 years of experience as a Security Analyst or similar role, with a demonstrated focus on AppSec, security operations, and/or AI security.
• Hands-on experience with Qualys or equivalent for vulnerability scanning, asset management, and remediation tracking.
• Proficiency with CrowdStrike platform capabilities including Next-Gen SIEM, Data Protection, CSPM, AIDR, Falcon Shield, and Threat Intelligence.
• Experience with Rapid7 or equivalent vulnerability management platform for risk prioritization and/or incident detection.
• Cloud security experience in AWS and/or Azure including IAM, security group configurations, logging, and posture management.
• Experience hardening CI/CD pipelines and integrating AppSec tooling (SAST/DAST/SCA) into development workflows.
• Experience coordinating penetration tests and managing remediation lifecycle.
• Demonstrated ability to implement security process improvements and drive program maturity.
• Working knowledge of NIST CSF 2.0 and how to apply framework functions to operational security programs.
• Knowledge of security concepts, principles, and best practices, such as threat modeling, risk assessment, encryption, and authentication.
• Knowledge of common security vulnerabilities, threats, and attack vectors, such as phishing, ransomware, DDoS, and SQL injection.
• Excellent communication, problem-solving, and analytical skills.
• Ability to work independently and as part of a team.
• +90% English written and oral (at least B2 level) with excellent communication skills
• Strong security architecture background
• Experience with cloud platforms (Azure and AWS)
• Familiarity with AI tooling (e.g., Databricks)
• Solid understanding of security best practices
• Previous experience as a security architect
• Knowledge of secure coding practices
• Ability to work with internal /external teams to compile evidence to satisfy compliance audits

Nice To Haves

• Certifications such as CISSP, OSCP, CEH, GCIH, GCFA, CrowdStrike CCFA/CCFH, or AWS Security Specialty are preferred
• AI security certifications such as AAISPM or equivalent AI governance certification are a plus.
• Knowledge of AI/ML security considerations and AI governance frameworks including ISO/IEC 42001 and NIST AI RMF 1.0.
• Preferred Experience in a SaaS or cloud-native software company environment.
• Familiarity with SOC 2 Type II or ISO 27001 frameworks and their underlying control requirements.
• Experience with security architecture review processes and threat modeling (STRIDE, PASTA, etc.).
• Scripting or automation experience (Python, PowerShell, Bash) for security tooling integration.
• Experience with network security, zero trust architecture, or microsegmentation.
• Experience conducting vendor security assessments for AI and SaaS tools, including evaluation against AI governance frameworks and data handling controls.

Responsibilities

• Lead application security testing activities including SAST, DAST, and software composition analysis (SCA) across the SDLC.
• Coordinate and manage third-party penetration tests for web applications, APIs, and cloud infrastructure; track remediation to closure.
• Leverage Qualys for vulnerability scanning, asset discovery, and prioritized remediation tracking across application and infrastructure layers.
• Evaluate, implement, and manage a centralized application vulnerability management platform (such as DefectDojo) to consolidate findings from all scanning tools, penetration tests, and manual assessments into a single pane of glass view across the company's application portfolio; drive consistent tracking, prioritization, and remediation workflows across teams.
• Integrate security testing tooling into CI/CD pipelines — including pipeline hardening, automated scanning gates, and secrets detection.
• Conduct security architecture reviews for new features, integrations, and third-party components.
• Operate and optimize CrowdStrike Next-Gen SIEM for threat detection, alert triage, investigation, and incident response.
• Leverage CrowdStrike Threat Intelligence and Data Protection capabilities to identify, investigate, and contain emerging threats.
• Use Rapid7 for vulnerability management, risk prioritization, and reporting; correlate findings with CrowdStrike telemetry for enriched context.
• Conduct proactive threat hunting and perform root cause analysis on security incidents.
• Develop and refine detection rules, correlation logic, and response playbooks.
• Prepare and maintain security reports, logs, and documentation.
• Maintain and enforce the company's AI Tool Inventory; conduct periodic reviews to validate that all IT-procured and employee-adopted AI tools are catalogued, risk-classified, and reviewed against AI policies.
• Partner with Legal and IT to perform security reviews of AI and SaaS tools prior to onboarding; evaluate vendor security posture using UpGuard, complete AI-specific controls in vendor onboarding questionnaires, and document findings in the vendor risk register.
• Monitor procured AI tools and IT-managed platforms for compliance with data handling, access control, and logging requirements; identify and remediate gaps against SOC 2 Type II controls and ISO/IEC 42001 AI management system alignment.
• Support the classification and security review of internally developed and procured Copilot/AI agents using the company's agent publishing risk framework; assess data access scope, output risk, and integration security prior to production deployment.
• Apply and maintain the MCP Server Security Baseline for AI integrations and MCP connector deployments; review connector data flows, permission scopes, and audit logging to ensure compliance with established minimum security controls.
• Contribute to AI security awareness and policy enforcement activities, including monitoring adherence to the AI Dev Policy Controls initiative, supporting Netskope DLP policy tuning for AI-destined data flows, and escalating policy violations through appropriate channels.
• Drive measurable improvements in vulnerability management maturity — reducing MTTR, improving SLA adherence, and enhancing risk prioritization practices.
• Develop metrics, KPIs, and dashboards that demonstrate security program effectiveness to leadership and compliance stakeholders.
• Support alignment with NIST CSF 2.0 and contribute to ongoing compliance initiatives including SOC 2 Type II and ISO 27001 alignment.
• Document security processes, runbooks, and procedures to build repeatable, audit-ready workflows in Confluence.
• Identify opportunities for tooling consolidation, automation, and operational efficiency across the security program.
• Support SOC 2 audit lifecycle activities.
• Help implement and standardize security responses to security questionnaires using existing and new technologies.
• Work with CloudOps, IT, and Dev teams to ensure security measures are implemented and operating effectively.
• Other duties as assigned.

Benefits

• Flexible schedules
• An authentic work-life balance
• Payment in US Dollars