[8PP] Senior Security Analyst AI & Application Security

Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst- AI & Application Security.

In addition to a competitive salary rate and a positive work environment we are committed to delivering high-quality technology solutions we also offer:

• Flexible schedules
• An authentic work-life balance
• Payment in US Dollars

About the role:

We are seeking a Senior Security Analyst with experience in monitoring and analyzing network and system activity to detect security threats with hands-on expertise using tools like CrowdStrike Falcon including its Next-Gen SIEM Data Protection CSPM Threat Intelligence capabilities Qualys and Rapid7 SIEM CI/CD pipeline hardening cloud security in AWS and/or Azure and security architecture. 

Experience implementing process improvements and driving program maturity aligned with NIST CSF 2.0 is essential. Familiarity with AI governance frameworks (ISO/IEC 42001 NIST AI RMF) and experience evaluating AI and SaaS tools for security and compliance risk is strongly desired. You should also have excellent communication problem-solving and analytical skills as well as the ability to work independently and as part of a team.

#LI-DNI

Qualifications :

Duties and responsibilities for the role include:

Application Security (AppSec) 

• Lead application security testing activities including SAST DAST and software composition analysis (SCA) across the SDLC.
• Coordinate and manage third-party penetration tests for web applications APIs and cloud infrastructure; track remediation to closure.
• Leverage Qualys for vulnerability scanning asset discovery and prioritized remediation tracking across application and infrastructure layers.
• Evaluate implement and manage a centralized application vulnerability management platform (such as DefectDojo) to consolidate findings from all scanning tools penetration tests and manual assessments into a single pane of glass view across the companys application portfolio; drive consistent tracking prioritization and remediation workflows across teams.
• Integrate security testing tooling into CI/CD pipelines including pipeline hardening automated scanning gates and secrets detection.
• Conduct security architecture reviews for new features integrations and third-party components.

Security Operations & Detection

• Operate and optimize CrowdStrike Next-Gen SIEM for threat detection alert triage investigation and incident response.
• Leverage CrowdStrike Threat Intelligence and Data Protection capabilities to identify investigate and contain emerging threats.
• Use Rapid7 for vulnerability management risk prioritization and reporting; correlate findings with CrowdStrike telemetry for enriched context.
• Conduct proactive threat hunting and perform root cause analysis on security incidents.
• Develop and refine detection rules correlation logic and response playbooks.
• Prepare and maintain security reports logs and documentation.

AI Tool Governance & Procured Technology Compliance

• Maintain and enforce the companys AI Tool Inventory; conduct periodic reviews to validate that all IT-procured and employee-adopted AI tools are catalogued risk-classified and reviewed against AI policies.
• Partner with Legal and IT to perform security reviews of AI and SaaS tools prior to onboarding; evaluate vendor security posture using UpGuard complete AI-specific controls in vendor onboarding questionnaires and document findings in the vendor risk register.
• Monitor procured AI tools and IT-managed platforms for compliance with data handling access control and logging requirements; identify and remediate gaps against SOC 2 Type II controls and ISO/IEC 42001 AI management system alignment.
• Support the classification and security review of internally developed and procured Copilot/AI agents using the companys agent publishing risk framework; assess data access scope output risk and integration security prior to production deployment.
• Apply and maintain the MCP Server Security Baseline for AI integrations and MCP connector deployments; review connector data flows permission scopes and audit logging to ensure compliance with established minimum security controls.
• Contribute to AI security awareness and policy enforcement activities including monitoring adherence to the AI Dev Policy Controls initiative supporting Netskope DLP policy tuning for AI-destined data flows and escalating policy violations through appropriate channels.

Program Maturity & Process Improvement

• Drive measurable improvements in vulnerability management maturity reducing MTTR improving SLA adherence and enhancing risk prioritization practices.
• Develop metrics KPIs and dashboards that demonstrate security program effectiveness to leadership and compliance stakeholders.
• Support alignment with NIST CSF 2.0 and contribute to ongoing compliance initiatives including SOC 2 Type II and ISO 27001 alignment.
• Document security processes runbooks and procedures to build repeatable audit-ready workflows in Confluence.
• Identify opportunities for tooling consolidation automation and operational efficiency across the security program.
• Support SOC 2 audit lifecycle activities.
• Help implement and standardize security responses to security questionnaires using existing and new technologies.
• Work with CloudOps IT and Dev teams to ensure security measures are implemented and operating effectively.
• Other duties as assigned.

Required

-Bachelors degree in Computer Science Information Security or related field or equivalent work experience.

-At least 5 years of experience as a Security Analyst or similar role with a demonstrated focus on AppSec security operations and/or AI security.

-Hands-on experience with Qualys or equivalent for vulnerability scanning asset management and remediation tracking.

-Proficiency with CrowdStrike platform capabilities including Next-Gen SIEM Data Protection CSPM AIDR Falcon Shield and Threat Intelligence.

-Experience with Rapid7 or equivalent vulnerability management platform for risk prioritization and/or incident detection.

-Cloud security experience in AWS and/or Azure including IAM security group configurations logging and posture management.

-Experience hardening CI/CD pipelines and integrating AppSec tooling (SAST/DAST/SCA) into development workflows.

-Experience coordinating penetration tests and managing remediation lifecycle.

-Demonstrated ability to implement security process improvements and drive program maturity.

-Working knowledge of NIST CSF 2.0 and how to apply framework functions to operational security programs.

-Knowledge of security concepts principles and best practices such as threat modeling risk assessment encryption and authentication.

-Knowledge of common security vulnerabilities threats and attack vectors such as phishing ransomware DDoS and SQL injection.

-Excellent communication problem-solving and analytical skills.

-Ability to work independently and as part of a team.

-Certifications such as CISSP OSCP CEH GCIH GCFA CrowdStrike CCFA/CCFH or AWS Security Specialty are preferred; AI security certifications such as AAISPM or equivalent AI governance certification are a plus.

-Knowledge of AI/ML security considerations and AI governance frameworks including ISO/IEC 42001 and NIST AI RMF 1.0.

Job Skills/Requirements
- 90% English written and oral (at least B2 level) with excellent communication skills
- Strong security architecture background
- Experience with cloud platforms (Azure and AWS)
- Familiarity with AI tooling (e.g. Databricks)
- Solid understanding of security best practices
- Previous experience as a security architect
- Knowledge of secure coding practices
- Ability to work with internal /external teams to compile evidence to satisfy compliance audits 

Additional Information :

Preferred

• Experience in a SaaS or cloud-native software company environment.
• Familiarity with SOC 2 Type II or ISO 27001 frameworks and their underlying control requirements.
• Experience with security architecture review processes and threat modeling (STRIDE PASTA etc.).
• Scripting or automation experience (Python PowerShell Bash) for security tooling integration.
• Experience with network security zero trust architecture or microsegmentation.
• Experience conducting vendor security assessments for AI and SaaS tools including evaluation against AI governance frameworks and data handling controls.

Remote Work :

No

Employment Type :

Full-time