[8PP] Senior Security Analyst- Application Security & DevSecOps
Software Mind
3h ago
0OtherCosta Ricahimalayas
Application-SecurityDevSecOpsSecurity-AnalystCybersecurityInformation-SecurityLead-Application-Security-EngineerApplication-Security-AnalystApplication-Security-EngineerSenior-Information-Security-AnalystApplication-Security-LeadSenior
Job Description
Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst- Application Security & DevSecOps
In addition to a competitive salary rate and a positive work environment, we are committed to delivering high-quality technology solutions, we also offer:Flexible schedulesAn authentic work-life balancePayment in US DollarsSenior Security Analyst – Application Security & DevSecOpsAbout the RoleWe are seeking a Senior Security Analyst with a strong background in Application Security and DevSecOps, focused on embedding security throughout the software development lifecycle. This is not a traditional SecOps monitoring role — the ideal candidate is someone who partners closely with engineering teams, drives security program maturity, and can assess technology risk at both a technical and strategic level.Key ResponsibilitiesSSDLC Maturity & Developer EnablementPartner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibilityAssess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestonesLead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teamsIntegrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal frictionProduct & Technology Security ReviewEvaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoptionConduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerationsReview third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe useProduce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadershipPartner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirementsCloud & Pipeline SecurityImplement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environmentsDrive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentationEstablish supply chain security controls including dependency governance and code signingWhat We're Looking ForRequired5+ years of experience in Application Security, DevSecOps, or a similar roleDemonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying toolsHands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets managementStrong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigationsExperience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)Cloud security experience in AWS and/or AzureStrong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences+90% English proficiency (written and spoken, minimum B2 level)PreferredExperience in a SOC 2 and/or ISO 27001 environmentThreat modeling experience Exposure to AI/ML security and governance considerationsRelevant certifications: CSSLP, GWAPT, CISSP, or cloud security certificationsWe are Software Mind, an awesome team of engineers who are ready to ramp up any top-notch company’s projects! Our aim? To always be one step ahead. Become part of a multicultural company in constant growth with an excellent work environment certified by Great Place To Work!Originally posted on Himalayas
