[8PP] Senior Security Analyst - Application Security & DevSecOps
About the role
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst - Application Security & DevSecOps.

We are committed to delivering high-quality technology solutions. In addition to a competitive salary rate and a positive work environment, we also offer:
- Flexible schedules
- An authentic work-life balance
- Payment in US Dollars

We are seeking a Senior Security Analyst with a strong background in Application Security and DevSecOps, focused on embedding security throughout the software development lifecycle. This is not a traditional SecOps monitoring role - the ideal candidate is someone who partners closely with engineering teams, drives security program maturity, and can assess technology risk at both a technical and strategic level.
Responsibilities
- SSDLC Maturity & Developer Enablement
  - Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility
  - Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones
  - Lead developer enablement initiatives - secure coding guidance, threat modeling, and a security champions program - that build durable capability within engineering teams
  - Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction
- Product & Technology Security Review
  - Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption
  - Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations
  - Review third-party and supply chain risk - dependencies, integrations, AI/ML components, and vendor security posture - and define conditions for safe use
  - Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership
  - Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements
- Cloud & Pipeline Security
  - Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
  - Drive cloud posture improvements - configuration hardening, CIS benchmark alignment, WAF, and network segmentation
  - Establish supply chain security controls including dependency governance and code signing
Requirements
- Required
  - 5+ years of experience in Application Security, DevSecOps, or a similar role
  - Demonstrated experience maturing an engineering organization through Secure SDLC adoption - not just deploying tools
  - Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management
  - Strong product and technology security review experience - ability to assess a new platform or tool and articulate concrete risks and mitigations
  - Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)
  - Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)
  - Cloud security experience in AWS and/or Azure
  - Strong collaboration and communication skills - able to coach developers and present risk to both technical and executive audiences
  - +90% English proficiency (written and spoken, minimum B2 level)
- Preferred
  - Experience in a SOC 2 and/or ISO 27001 environment
  - Threat modeling experience
  - Exposure to AI/ML security and governance considerations
  - Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications