[8PP] Senior Security Analyst- Application Security & DevSecOps

About The Position

Requirements

• 5+ years of experience in Application Security, DevSecOps, or a similar role.
• Demonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying tools.
• Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management.
• Strong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigations.
• Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents).
• Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM).
• Cloud security experience in AWS and/or Azure.
• Strong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences.
• +90% English proficiency (written and spoken, minimum B2 level).

Nice To Haves

• Experience in a SOC 2 and/or ISO 27001 environment.
• Threat modeling experience.
• Exposure to AI/ML security and governance considerations.
• Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications.

Responsibilities

• Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility.
• Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones.
• Lead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teams.
• Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction.
• Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption.
• Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations.
• Review third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe use.
• Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership.
• Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements.
• Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments.
• Drive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentation.
• Establish supply chain security controls including dependency governance and code signing.

Benefits

• Flexible schedules
• Authentic work-life balance
• Payment in US Dollars