Application Security Analyst Lead

NTT DATA

Location:
Romania , Sibiu

Contract Type:
Not provided

Salary:

Not provided

Job Description:

The Application Security Analyst Lead will conduct security assessments for web and mobile applications, perform penetration testing, and provide remediation guidance. A bachelor's degree in a related field and 5-10 years of experience in cybersecurity are required. Strong knowledge of OWASP Top 10 and web application security principles is essential. The role involves collaboration with development teams and integration of security testing into CI/CD pipelines.

Job Responsibility:

  • Conduct security assessments for web apps, APIs, and mobile apps under limited supervision
  • Perform OWASP Top 10 and advanced penetration testing (authenticated/unauthenticated)
  • Assess API security (REST, GraphQL, SOAP) and test auth, session management, and access controls
  • Identify business logic flaws and exploit vulnerabilities
  • Perform manual/automated secure code reviews across multiple languages
  • Identify vulnerabilities (injection, XSS, insecure dependencies) and review architecture for weaknesses
  • Analyze third-party libraries, cryptographic implementations, and secure data handling
  • Provide actionable remediation guidance and secure coding recommendations
  • Assess iOS/Android apps, including reverse engineering and binary analysis
  • Test data storage, transmission, backend APIs, and mobile authentication mechanisms
  • Evaluate permissions, intents, IPC, and mobile-specific vulnerabilities (e.g., insecure storage)
  • Integrate security testing into CI/CD pipelines and DevOps workflows
  • Configure and optimize SAST, DAST, and SCA tools
  • Develop automation scripts
  • Implement security gates, reusable test cases, and support shift-left security initiatives
  • Analyze findings, determine risk severity, and produce detailed reports with remediation guidance
  • Validate fixes post-remediation, track findings to closure, and maintain vulnerability metrics
  • Present results to development teams and management
  • Review application designs for weaknesses against OWASP ASVS and security standards
  • Evaluate authentication/authorization models, data flows, and threat models
  • Support secure design workshops and threat modeling sessions

Requirements:

  • Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field
  • Minimum 5–10 years of experience in cybersecurity or IT security roles
  • Strong knowledge of OWASP Top 10, OWASP ASVS, and web application security principles
  • Solid experience with web application penetration testing tools and methodologies
  • Proficiency in identifying and exploiting common application vulnerabilities
  • Understanding of API security testing for REST, GraphQL, SOAP, and microservices
  • Knowledge of mobile application security testing for iOS and Android platforms
  • Programming languages: Java, .NET (C#), Python, JavaScript, TypeScript, PHP
  • Web frameworks: Spring, Django, Flask, Express.js, React, Angular, Vue.js
  • Mobile development: Swift, Kotlin, React Native, Flutter basics
  • Scripting: Python, Bash, PowerShell for security automation
  • Database security: SQL injection, NoSQL security, ORM security issues
  • Web testing: Burp Suite Professional, OWASP ZAP, Postman, SQLMap
  • Code analysis: SonarQube, Checkmarx, Fortify, Veracode, Semgrep
  • Mobile testing: MobSF, Frida, Objection, APKTool, iOS security tools
  • Dependency scanning: OWASP Dependency-Check, Snyk, WhiteSource
  • Automation: Selenium, Jenkins, GitLab CI/CD, custom Python scripts
  • Deep understanding of OWASP Testing Guide and Application Security Verification Standard
  • Knowledge of PCI DSS application security requirements
  • Familiarity with secure SDLC practices and DevSecOps principles
  • Understanding of threat modeling methodologies (STRIDE, PASTA, LINDDUN)
  • Awareness of privacy-by-design and secure coding standards
  • Clear technical communication with developers and non-technical stakeholders
  • Ability to explain complex vulnerabilities and provide practical remediation guidance
  • Collaboration skills for working with development, DevOps, and product teams
  • Analytical thinking and creative approach to finding security weaknesses
  • Patience and persistence in thorough security testing activities
  • OSCP (Offensive Security Certified Professional) or CEH (Certified Ethical Hacker) - Mandatory
  • Excellent command of both spoken and written English

Nice to have:

  • GWAPT (GIAC Web Application Penetration Tester) or equivalent web app security cert - Preferred
  • Burp Suite Certified Practitioner
  • Programming or development certification

What we offer:

  • Smooth integration and a supportive mentor
  • Pick your working style: choose from Remote, Hybrid or Office work opportunities
  • Projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions
  • Accredited Coaching School
  • Epic parties or themed events

Additional Information:

Job Posted:
January 26, 2026

Work Type:
Remote work

Similar Jobs for Application Security Analyst Lead

Information Security Lead Analyst

As part of Citi Infrastructure Defense team, the analyst position will participa...
Location
Singapore , Singapore
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 8+ years of experience with multiple security disciplines and strong understanding of layered defense concepts
  • Deep understanding of TCP/IP technologies and knowledge of network routing protocols
  • Experience defining enterprise security strategy and ecosystem across diverse products
  • Strong hands on experience with firewall and proxy technologies (Bluecoat, Squid, NGINX)
  • Large Scale Network and Security design experience is essential
  • Work with and understand regulatory and risk management requirements
  • Strong unix / linux experience
  • Scripting (Python/Perl/Bash)
  • University / College degree in any STEM area or equivalent industry/technology knowledge
Job Responsibility
  • Identify opportunities to automate and standardize information security controls
  • Resolve any vulnerabilities or issues detected in an application or infrastructure
  • Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
  • Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
  • Scan and analyze applications with automated tools, and perform manual testing if necessary
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts
  • Assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup
What we offer
  • Opportunity to work on the internal security posture of a large financial institution, thus shaping the industry overall
  • Exposure to a broad range of investment technology businesses and products
  • Access to our world-class testing lab, with physical hands-on use of hundreds of devices in the IT security ecosystem
  • Fulltime

Information Security Professional Lead Analyst

The Info Sec Prof Lead Analyst is an intermediate level position responsible for...
Location
Philippines , City of Taguig
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • At least 7+ years of strong data analysis and report development experience
  • 7+ years of experience in information security or related technology experience required
  • At least 7+ years’ experience with Business Intelligence Reporting tools like Cognos, Tableau
  • At least 7+ years’ experience with Databases like Oracle, SQL Server, Microsoft Access
  • Strong Business Intelligence Developer Skills
  • Strong understanding of application development life cycle, CI/CD and DevOps concepts
  • Excellent Excel data analysis and Access database skills
  • Excellent SQL Skills
  • Experience with issue resolution - ability to research, identify and communicate solutions
  • Consistently demonstrates clear and concise written and verbal communication
Job Responsibility
  • Design and implement a solution for performance measurements on effectiveness of controls and overall vulnerability assessment program
  • Analyze trends on assets security health posture and report using visualization tools for program review with management and stakeholders
  • Analyze and report aggregated data from multiple data sources
  • Develop data visualization mock-ups for monitoring program data trends and communicate using analytical tools
  • Develop reports for tracking program effectiveness and update power point deck for weekly, monthly and quarterly updates
  • Develop, optimize and provide continuous support for reports and ad-hoc queries from end user
  • Create dashboards with parameters and interactive drill down functionality
  • Excellent Analytical Ability - Understand the systems and data flow at a high level to evaluate if appropriate controls are in place for the standards
  • Provide timely, accurate, and actionable reporting on application vulnerability activity, trends, service levels, and areas of concern to senior management
  • Fulltime

Applications Development Technology Lead Analyst

Senior level position responsible for establishing and implementing new or revis...
Location
India , Pune
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 5+ years' working experience in JAVA 8
  • Core JAVA
  • J2EE
  • Spring/Spring Boot Restful Services
  • Databases – DB2/Oracle or equivalent with SQL, PL/SQL programming expertise
  • Substantial experience in Core Java, Java EE and ReactJS/JavaScript/Typescript/CSS4/HTML5
  • Experience in working on multiple technologies and medium to complex systems
  • Well versed with design standards & framework
  • Technologies required – Core Java, Java EE, Multithreading/Concurrency, RESTful Development, JavaScript, CSS, ReactJS
  • Experience in Spring Framework, Spring Integration and persistence frameworks like JPA, Hibernate
Job Responsibility
  • Establish and implement new or revised application systems and programs
  • Conduct tasks related to feasibility studies, time and cost estimates, IT planning, risk technology, applications development, model development
  • Monitor and control all phases of development process and analysis, design, construction, testing, and implementation
  • Provide user and operational support on applications to business users
  • Utilize in-depth specialty knowledge of applications development to analyze complex problems/issues
  • Work closely with other technical and business teams across multiple locations to respond to technical enquiries, gather requirements and deliver technical solutions
  • Troubleshoot time-sensitive production issues
  • Analyze data and system outputs to determine the effectiveness of existing data flows
  • Translate business requirements into high-level software designs
  • Implement high-level designs into robust, secure, well-tested and fully maintainable software
  • Fulltime

Security Lead – Cloud & IT Security

HPE Operations is our innovative IT services organization. It provides the exper...
Location
India , Bangalore
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date
Until further notice
Requirements
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field
  • Minimum 10 years in IT security
  • At least 5 years in a leadership role
  • Proven track record in deploying and managing enterprise firewalls (e.g., Palo Alto, Fortinet, Check Point)
  • Strong knowledge of cloud security for AWS, Azure, and/or Google Cloud
  • Experience with DDoS mitigation solutions (e.g., Cloudflare, Akamai, AWS Shield)
  • Experience with Burp Suite
  • Hands-on knowledge of SIEM, SOAR, EDR, and vulnerability management tools
  • Strong analytical thinking
  • Problem-solving ability
Job Responsibility
  • Develop and maintain the organization's IT security roadmap aligned with cloud and enterprise infrastructure
  • Lead security design reviews for new systems, services, and cloud deployments
  • Deploy, configure, and manage network security appliances including next-generation firewalls, IDS/IPS, and web application firewalls
  • Implement and maintain cybersecurity protocols, including endpoint protection, identity management, and access control policies
  • Design and operate DDoS protection mechanisms to ensure availability of critical systems
  • Implement and enforce security measures in public, private, and sovereign cloud environments
  • Monitor and audit cloud configurations to ensure compliance with industry standards (ISO 27001, NIST, CIS, etc.)
  • Lead threat modeling, risk assessment, and vulnerability management initiatives
  • Oversee incident detection, response, and recovery processes to minimize business impact
  • Ensure adherence to regulatory and compliance requirements such as GDPR, HIPAA, PCI-DSS
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Fulltime

Security Analyst

As a Security Analyst, you will be a key player in our IT security team, focusin...
Location
United States , Tallahassee
Salary:
Not provided
Robert Half
Expiration Date
Until further notice
Requirements
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
Job Responsibility
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligible to enroll in our company 401(k) plan
  • Fulltime

Apps Sup Tech Lead Analyst

The Apps Sup Tech Lead Analyst is a strategic professional who provides expertis...
Location
Singapore , Singapore
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 6-10 years experience
  • Practical problem solving and strategic thinking skills
  • Demonstrated leadership, interpersonal skills and relationship building skills
  • Service oriented attitude
  • Ability to work in a fast-paced environment
  • Experience working or leading requirement gathering efforts for multiple large development projects at one-time
  • Proficient using basic technical tools and systems
  • Good interpersonal and communication skills
Job Responsibility
  • Partner with multiple technology teams to ensure appropriate integration of functions to meet goals
  • Identify and define necessary system enhancements
  • Analyze existing system logic, identify problems, and recommend and implement solutions
  • Provide expertise in area and an advanced level of understanding of the principles of apps support
  • Formulate and define systems scope and objectives for complex, high impact application enhancements and problem resolution through in-depth analysis
  • Partner with multiple technology areas and management teams to ensure appropriate integration of functions to meet goals
  • Work closely with Product Owners, Business Analysts and Systems Analysts to determine and document Systems impacts and support requirements
  • Consider the implications of the application of technology to the current environment
  • Identify risks, vulnerabilities and security issues
  • Communicate impact and propose risk mitigation options
  • Fulltime

Senior Information Security Compliance Analyst

We're looking for a technically grounded Senior IS Compliance Analyst who speaks...
Location
United States , Chicago
Salary:
90000.00 - 130000.00 USD / Year
Blume Global
Expiration Date
Until further notice
Requirements
  • Hands-on experience in technical security roles such as Security Operations, Incident Response, Security Analysis, penetration testing, or similar
  • Practical knowledge of security tools, SIEM platforms, vulnerability management, and security monitoring, and ability to read and understand security logs, configurations, and technical documentation
  • 6+ years of total experience with significant time in GRC
  • Working knowledge of ISO 27001, NIST frameworks, SOC 1/2, and GDPR requirements
  • Experience developing and implementing information security policies and controls
  • ISO 27001:2022 Lead Implementer and Lead Auditor certification
Job Responsibility
  • Lead technical security assessments and integration of acquired companies, mapping their security architectures and controls to our GRC frameworks, identifying gaps, and building remediation roadmaps that address both technical security and compliance alignment
  • Bridge technical security and business stakeholders by evaluating risks through a technical lens, working alongside security engineering teams to translate GRC requirements into practical security measures, and communicating effectively across technical and non-technical audiences
  • Develop and harmonize security policies and control frameworks across acquired entities, ensuring they're both audit ready and operationally sound, while translating between technical security requirements and governance documentation
  • Own customer security questionnaire responses by leveraging your hands-on security background to provide detailed, accurate answers and collaborating with infrastructure, application security, and operations teams to gather technical evidence
  • Drive continuous improvement of our GRC program through technical security enhancements, meaningful security and compliance metrics, and process improvements that increase both control effectiveness and operational efficiency
What we offer
  • health and welfare benefits
  • tuition assistance
  • 401K savings and other retirement programs
  • employee assistance programs

Cyber Manager's Control Assessment (MCA) Lead Analyst

This role will report to the Cybersecurity MCA Group Manager, responsible for pr...
Location
Hungary , Budapest
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • Have at least 8+ years of relevant experience
  • Experience in Manager’s Control Assessment (MCA), Operational Risk, Information Security, Cybersecurity, Risk Management, and/or Governance, Risk and Control (GRC)
  • Risk Management, Cybersecurity, and/or Project Management certifications are a plus (e.g. CRISC, CISA, CISM, CISSP, PMP)
  • Proven experience in implementing sustainable solutions and improving processes
  • Bring creative approaches to help us drive value for clients
  • Ability to influence decisions with senior leadership and business partners when confronted with differing opinions on information security risks
  • Proficiency with Microsoft Office, advanced Excel skills (e.g. macros, pivots, complex formulas)
  • Knowledge of data visualization/analytics business applications such as Tableau, QlikView, and Microsoft Power BI
  • Familiarity with Machine Learning and Artificial Intelligence (AI) is a plus
  • Fluent in English (ability to read, write, and speak)
Job Responsibility
  • Manage the planning, coordination, and execution of MCA Transformation program for CISO
  • Drive MCA best practices, transformation, and execution consistency across business/functions
  • Lead efforts in Global Process MCA Profiles (GPMPs) and Continuous Risk Management (CRM) for CISO
  • Gain expert-level knowledge of MCA Standard, Procedure, and tools to support future-state MCA
  • Support CISO Business Processes, Control Owners, and Global Assessment Unit (GAU) Owners in their responsibilities related to MCA execution
  • Identify and document key controls necessary for mitigation of cybersecurity risk
  • Be a hands-on Subject Matter Expert (SME) with the ability to drive problem solving and root cause analyses, simplify complex messages and summarize key points
  • Partner with CISO’s Enterprise Architecture Methodology (EAM) Lead team by which taxonomies and processes interlink with each other, establishing a multifaceted matrix to inform decision-making and simplification
  • Foster constructive dialogue and facilitate open discussion, sharing of knowledge and experience with customers and stakeholders
  • Actively manage relationships with CISO business partners and risk management teams to achieve sustained success
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work-life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime