Application Security Analyst

We are seeking a highly skilled and motivated Product & Solution Security Professional to ensure the design, development, and deployment of secure software solutions. The role involves close collaboration with cross-functional teams to embed security principles throughout the Software Development Life Cycle (SDLC), conduct threat assessments, and promote a strong security culture across the organization.

1. Integration with SDLC

• Collaborate with software development teams to integrate security best practices across all SDLC stages.
• Ensure security requirements are embedded in design, coding, testing, and deployment activities.
• Conduct code reviews, analyze vulnerabilities, and ensure timely remediation.

2. Security Activities

• Define and implement security protocols, policies, and best practices for product development.
• Conduct threat modeling and risk assessments to identify potential vulnerabilities early in the process.
• Provide actionable guidance on secure coding and vulnerability mitigation strategies.

3. Stakeholder Interaction

• Partner with product managers, project managers, and business analysts to promote security initiatives.
• Communicate security risks and mitigation plans to both technical and non-technical audiences.
• Drive security awareness and a proactive security mindset within teams and across departments.

4. Security Tools and Technologies

• Implement and maintain security tools, including SAST, DAST, and vulnerability scanners.
• Stay current with evolving security technologies, frameworks, and best practices.
• Collaborate with DevOps teams to embed security within CI/CD pipelines (DevSecOps).

5. Training and Awareness

• Conduct application security training and awareness sessions for development teams.
• Encourage continuous improvement and knowledge sharing in security practices.

Required Skills & Experience:

• 710 years of experience in cybersecurity, with a strong focus on application and product security.
• Proven experience integrating security practices within SDLC and working with development teams.
• Strong knowledge of application security concepts, secure coding practices, and OWASP Top 10 vulnerabilities.
• Hands-on experience with static (SAST), dynamic (DAST), and vulnerability scanning tools.
• Proficiency in programming languages such as Java, C#, or Python.
• Familiarity with DevSecOps principles and CI/CD integration.
• Strong analytical, problem-solving, and communication skills.
• Experience influencing and educating stakeholders on security topics.