[8PP] Senior Security Analyst – Application Security & DevSecOps

Posted about 13 hours ago

Remote | San José, San José Province, Costa Rica | SE

Job Description

Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst – Application Security & DevSecOps.

We are committed to delivering high-quality technology solutions. In addition to a competitive salary rate and a positive work environment, we also offer:

  • Flexible schedules
  • An authentic work-life balance
  • Payment in US Dollars

Senior Security Analyst – Application Security & DevSecOps

About the Role

We are seeking a Senior Security Analyst with a strong background in Application Security and DevSecOps, focused on embedding security throughout the software development lifecycle. This is not a traditional SecOps monitoring role — the ideal candidate is someone who partners closely with engineering teams, drives security program maturity, and can assess technology risk at both a technical and strategic level.

Qualifications

Key Responsibilities

SSDLC Maturity & Developer Enablement

  • Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility
  • Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones
  • Lead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teams
  • Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction

Product & Technology Security Review

  • Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption
  • Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations
  • Review third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe use
  • Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership
  • Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements

Cloud & Pipeline Security

  • Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
  • Drive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentation
  • Establish supply chain security controls including dependency governance and code signing

What We're Looking For

Required

  • 5+ years of experience in Application Security, DevSecOps, or a similar role
  • Demonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying tools
  • Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management
  • Strong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigations
  • Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)
  • Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)
  • Cloud security experience in AWS and/or Azure
  • Strong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences
  • +90% English proficiency (written and spoken, minimum B2 level)

Additional Information

Preferred

  • Experience in a SOC 2 and/or ISO 27001 environment
  • Threat modeling experience 
  • Exposure to AI/ML security and governance considerations
  • Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications

Job details

  • Workplace: Remote
  • Location: San José, San José Province, Costa Rica
  • Experience: SE

Software Mind

A software house that provides software development services to boost product engineering and digital transformation capabilities.

Key team members

  • Victor Szczerba
  • Jim Turner, MBA
  • Grzegorz Mlynarczyk
  • Jacek Lonc
