[8PP] Senior Security Analyst - AI & Application Security

About the role

Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst- AI & Application Security. In addition to a competitive salary rate and a positive work environment, we are committed to delivering high-quality technology solutions, we also offer: Flexible schedules An authentic work-life balance Payment in US Dollars We are seeking a Senior Security Analyst with experience in monitoring and analyzing network and system activity to detect security threats, with hands-on expertise using tools like CrowdStrike Falcon including its Next-Gen SIEM, Data Protection, CSPM, Threat Intelligence capabilities, Qualys, and Rapid7 SIEM, CI/CD pipeline hardening cloud security in AWS and/or Azure and security architecture. Experience implementing process improvements and driving program maturity aligned with NIST CSF 2.0 is essential. Familiarity with AI governance frameworks (ISO/IEC 42001, NIST AI RMF) and experience evaluating AI and SaaS tools for security and compliance risk is strongly desired. You should also have excellent communication, problem-solving, and analytical skills, as well as the ability to work independently and as part of a team. #LI-DNI Duties and responsibilities for the role include: Application Security (AppSec) Lead application security testing activities including SAST, DAST, and software composition analysis (SCA) across the SDLC. Coordinate and manage third-party penetration tests for web applications, APIs, and cloud infrastructure; track remediation to closure. Leverage Qualys for vulnerability scanning, asset discovery, and prioritized remediation tracking across application and infrastructure layers. Evaluate, implement, and manage a centralized application vulnerability management platform (such as DefectDojo) to consolidate findings from all scanning tools, penetration tests, and manual assessments into a single pane of glass view across the company's application portfolio; drive consistent tracking, prioritization, and remediation workflows across teams. Integrate security testing tooling into CI/CD pipelines - including pipeline hardening, automated scanning gates, and secrets detection. Conduct security architecture reviews for new features, integrations, and third-party components. Security Operations & Detection Operate and optimize CrowdStrike Next-Gen SIEM for threat detection, alert triage, investigation, and incident response. Leverage CrowdStrike Threat Intelligence and Data Protection capabilities to identify, investigate, and contain emerging threats. Use Rapid7 for vulnerability management, risk prioritization, and reporting; correlate findings with CrowdStrike telemetry for enriched context. Conduct proactive threat hunting and perform root cause analysis on security incidents. Develop and refine detection rules, correlation logic, and response playbooks. Prepare and maintain security reports, logs, and documentation. AI Tool Governance & Procured Technology Compliance Maintain and enforce the company's AI Tool Inventory; conduct periodic reviews to validate that all IT-procured and employee-adopted AI tools are catalogued, risk-classified, and reviewed against AI policies. Partner with Legal and IT to perform security reviews of AI and SaaS tools prior to onboarding; evaluate vendor security posture using UpGuard, complete AI-specific controls in vendor onboarding questionnaires, and document findings in the vendor risk register. Monitor procured AI tools and IT-managed platforms for compliance with data handling, access control, and logging requirements; identify and remediate gaps against SOC 2 Type II controls and ISO/IEC 42001 AI management system alignment. Support the classification and security review of internally developed and procured Copilot/AI agents using the company's agent publishing risk framework; assess data access scope, output risk, and integration security prior to production deployment. Apply and maintain the MCP Server Security Baseline for AI integrations and MCP connector deployments; review connector data flows, permission scopes, and audit logging to ensure compliance with established minimum security controls. Contribute to AI security awareness and policy enforcement activities, including monitoring adherence to the AI Dev Policy Controls initiative, supporting Netskope DLP policy tuning for AI-destined data flows, and escalating policy violations through appropriate channels. Program Maturity & Process Improvement Drive measurable improvements in vulnerability management maturity - reducing MTTR, improving SLA adherence, and enhancing risk prioritization practices. Develop metrics, KPIs, and dashboards that demonstrate security program effectiveness to leadership and compliance stakeholders. Support alignment with NIST CSF 2.0 and contribute to ongoing compliance initiatives including SOC 2 Type II and ISO 27001 alignment. Document security processes, runbooks, and procedures to build r

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Softwaremind? Share your experience