[8PP] Senior Security Analyst- Application Security & DevSecOps

Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst- Application Security & DevSecOps

In addition to a competitive salary rate and a positive work environment we are committed to delivering high-quality technology solutions we also offer:

• Flexible schedules
• An authentic work-life balance
• Payment in US Dollars

Senior Security Analyst Application Security & DevSecOps

About the Role

We are seeking a Senior Security Analyst with a strong background in Application Security and DevSecOps focused on embedding security throughout the software development lifecycle. This is not a traditional SecOps monitoring role the ideal candidate is someone who partners closely with engineering teams drives security program maturity and can assess technology risk at both a technical and strategic level.

Qualifications :

Key Responsibilities

SSDLC Maturity & Developer Enablement

• Partner with development teams to embed secure coding practices throughout the SDLC shifting security from a final gate to a shared integrated responsibility
• Assess current development practices against Secure SDLC standards identify gaps and drive a phased maturity roadmap with measurable milestones
• Lead developer enablement initiatives secure coding guidance threat modeling and a security champions program that build durable capability within engineering teams
• Integrate and tune SAST DAST SCA and secrets scanning in CI/CD pipelines (Azure DevOps Bitbucket) to deliver fast in-workflow feedback with minimal friction

Product & Technology Security Review

• Evaluate prospective products platforms SaaS tools and developer tooling to confirm alignment with security best practices before adoption
• Conduct architecture and design reviews assessing authentication authorization data handling encryption logging and multi-tenancy considerations
• Review third-party and supply chain risk dependencies integrations AI/ML components and vendor security posture and define conditions for safe use
• Produce clear risk-based assessments and recommendations (approve approve-with-conditions or reject) for engineering and security leadership
• Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements

Cloud & Pipeline Security

• Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
• Drive cloud posture improvements configuration hardening CIS benchmark alignment WAF and network segmentation
• Establish supply chain security controls including dependency governance and code signing

What Were Looking For

Required

• 5 years of experience in Application Security DevSecOps or a similar role
• Demonstrated experience maturing an engineering organization through Secure SDLC adoption not just deploying tools
• Hands-on AppSec and DevSecOps background: SAST/DAST/SCA CI/CD pipeline security secrets management
• Strong product and technology security review experience ability to assess a new platform or tool and articulate concrete risks and mitigations
• Experience with CI/CD and source control tooling (Azure DevOps Bitbucket or equivalents)
• Familiarity with secure development frameworks (NIST SSDF OWASP SAMM/ASVS BSIMM)
• Cloud security experience in AWS and/or Azure
• Strong collaboration and communication skills able to coach developers and present risk to both technical and executive audiences
• 90% English proficiency (written and spoken minimum B2 level)

Additional Information :

Preferred

• Experience in a SOC 2 and/or ISO 27001 environment
• Threat modeling experience 
• Exposure to AI/ML security and governance considerations
• Relevant certifications: CSSLP GWAPT CISSP or cloud security certifications

Remote Work :

Yes

Employment Type :

Full-time