Application Security Analyst

0 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Roles and Responsibilities:

🛡 Application Security Focus:

  • Conduct in-depth security reviews of web and API applications.
  • Identify and remediate vulnerabilities based on OWASP Top 10, SANS, and CWE standards.
  • Perform secure code reviews (manual & automated) and guide developers in writing secure code.
  • Operate and interpret results from SAST, DAST, and SCA tools like SonarQube, Burp Suite, ZAP, Snyk, or Veracode.
  • Collaborate with engineering teams to integrate security testing in CI/CD pipelines.
  • Support and enforce secure SDLC practices, including threat modeling and design reviews.
  • Work with product and QA teams to validate remediations and re-test vulnerabilities.

☁️ Cloud Security Exposure (AWS):

  • Understand and assist in securing key AWS services (IAM, EC2, S3, RDS, VPC, KMS).
  • Use AWS Security tools like GuardDuty, Security Hub, CloudTrail, and Config to monitor and report risks.
  • Collaborate with cloud engineers to identify misconfigurations and support least privilege IAM practices.
  • Conduct cloud-specific threat modeling for applications deployed in AWS.
  • Participate in periodic cloud security posture reviews and audits using AWS Well-Architected and CIS benchmarks.


Qualifications & Skills

  • Strong programming/scripting skills in Python, JavaScript, Node.js, or Java.
  • Deep understanding of OWASP Top 10, secure coding principles, and application threat vectors.
  • Hands-on experience with application security testing tools such as:
  • Burp Suite
  • OWASP ZAP
  • SonarQube
  • Snyk
  • Working knowledge of AWS cloud environment and its basic security services.
  • Familiarity with authentication and authorization standards, including:
  • OAuth2
  • JWT
  • SAML
  • Exposure to API security testing and DevSecOps practices.
  • Understanding of secure CI/CD integrations.

Certifications (Nice to Have)

  • AWS Certified Security – Specialty
  • CEH, OSCP, or CSSLP
  • Secure Coding Certification (e.g., EC-Council CASE)

Additional Skills (Nice to Have)

  • Experience in:
  • API security
  • Container security (e.g., Docker, EKS)
  • Infrastructure-as-Code tools such as Terraform or CloudFormation
  • Exposure to bug bounty platforms like HackerOne or Bugcrowd
  • Participation in Capture The Flag (CTF) competitions or security research

Soft Skills

  • Ability to clearly articulate technical risks to developers and stakeholders.
  • Strong problem-solving abilities and excellent attention to detail

independently with minimal supervision.

Petpooja

Hospitality/Technology

Ahmedabad