Software Mind
[8PP] Senior Security Analyst- Application Security & DevSecOps
Remote Application Security role with a clear candidate location fit.
Published: July 3, 2026
Eligible countries: 2 countries accepted
Seniority signal: Senior
Work model: Remote
Accepted candidate locations
Costa Rica, United States
Requirements and responsibilities
Details
- Flexible schedules
- An authentic work-life balance
- Payment in US Dollars
SSDLC Maturity & Developer Enablement
- Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility
- Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones
- Lead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teams
- Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction
Product & Technology Security Review
- Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption
- Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations
- Review third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe use
- Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership
- Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements
Cloud & Pipeline Security
- Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
- Drive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentation
- Establish supply chain security controls including dependency governance and code signing
Required
- 5+ years of experience in Application Security, DevSecOps, or a similar role
- Demonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying tools
- Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management
- Strong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigations
- Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)
- Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)
- Cloud security experience in AWS and/or Azure
- Strong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences
- +90% English proficiency (written and spoken, minimum B2 level)
Preferred
- Experience in a SOC 2 and/or ISO 27001 environment
- Threat modeling experience
- Exposure to AI/ML security and governance considerations
- Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications