Application Security Analyst

Roles and Responsibilities:

We’re looking for a technically sharp Application Security Analyst with a developer mindset and a strong grasp of application security vulnerabilities, secure coding practices, and foundational knowledge of cloud security (AWS). This is an individual contributor role that requires working closely with development and DevOps teams to embed security into the software development lifecycle and harden our cloud-native applications.

🛡 Application Security Focus:

• Conduct in-depth security reviews of web and API applications.
• Identify and remediate vulnerabilities based on OWASP Top 10, SANS, and CWE standards.
• Perform secure code reviews (manual & automated) and guide developers in writing secure code.
• Operate and interpret results from SAST, DAST, and SCA tools like SonarQube, Burp Suite, ZAP, Snyk, or Veracode.
• Collaborate with engineering teams to integrate security testing in CI/CD pipelines.
• Support and enforce secure SDLC practices, including threat modeling and design reviews.
• Work with product and QA teams to validate remediations and re-test vulnerabilities.

☁️ Cloud Security Exposure (AWS):

• Understand and assist in securing key AWS services (IAM, EC2, S3, RDS, VPC, KMS).
• Use AWS Security tools like GuardDuty, Security Hub, CloudTrail, and Config to monitor and report risks.
• Collaborate with cloud engineers to identify misconfigurations and support least privilege IAM practices.
• Conduct cloud-specific threat modeling for applications deployed in AWS.
• Participate in periodic cloud security posture reviews and audits using AWS Well-Architected and CIS benchmarks.

Qualifications & Skills

• Strong programming/scripting skills in Python, JavaScript, Node.js, or Java
• .Deep understanding of OWASP Top 10, secure coding principles, and application threat vectors
• .Hands-on experience with application security testing tools such as
• :Burp Suit
• eOWASP ZA
• PSonarQub
• eSny
• kWorking knowledge of AWS cloud environment and its basic security services
• .Familiarity with authentication and authorization standards, including
• :OAuth
• 2JW
• TSAM
• LExposure to API security testing and DevSecOps practices
• .Understanding of secure CI/CD integrations

.Certifications (Nice to Have

• )AWS Certified Security – Specialt
• yCEH, OSCP, or CSSL
• PSecure Coding Certification (e.g., EC-Council CASE

)Additional Skills (Nice to Have

• )Experience in
• :API securit
• yContainer security (e.g., Docker, EKS
• )Infrastructure-as-Code tools such as Terraform or CloudFormatio
• nExposure to bug bounty platforms like HackerOne or Bugcrow
• dParticipation in Capture The Flag (CTF) competitions or security researc

hSoft Skill

• sAbility to clearly articulate technical risks to developers and stakeholders
• .Strong problem-solving abilities and excellent attention to detail

.Capable of working independently with minimal supervision in a fast-paced, product-focused environment