Job summary

[8PP] Senior Security Analyst - Application Security & DevSecOps

Requirements and responsibilities

Details

  • Flexible schedules
  • An authentic work-life balance
  • Payment in US Dollars

SSDLC Maturity & Developer Enablement

  • Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility
  • Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones
  • Lead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teams
  • Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction

Product & Technology Security Review

  • Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption
  • Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations
  • Review third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe use
  • Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership
  • Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements

Cloud & Pipeline Security

  • Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
  • Drive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentation
  • Establish supply chain security controls including dependency governance and code signing

Required

  • 5+ years of experience in Application Security, DevSecOps, or a similar role
  • Demonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying tools
  • Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management
  • Strong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigations
  • Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)
  • Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)
  • Cloud security experience in AWS and/or Azure
  • Strong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences
  • +90% English proficiency (written and spoken, minimum B2 level)

Preferred

  • Experience in a SOC 2 and/or ISO 27001 environment
  • Threat modeling experience
  • Exposure to AI/ML security and governance considerations
  • Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications

  • Focus (job area): Application Security
  • Seniority signal (candidate level): Senior
  • Stack (main skills): AWS, Azure, CI/CD
  • Location (eligibility): 2 countries accepted
