Senior Application Security Analyst

Citi

Location:
India, Pune

Category:
IT - Software Development

Contract Type:
Not provided

Salary:

Not provided

Job Description:

The Senior Application Security Analyst position is part of the CISO organization and provides application security services to Citi businesses in the Software Development Life Cycle (SDLC). Candidates perform deep-dive source code reviews for the development organizations and collaborate with teams to ensure proper remediation.

Job Responsibility:

  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
  • Conduct in-depth manual source code reviews to identify vulnerabilities, including logical flaws, business logic bypasses, and insecure design patterns
  • Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
  • Perform application binary analysis when source code is not available
  • Identify opportunities to automate, develop custom rules and standardize information security controls
  • Participate in conference calls with the engineering team to ensure proper scan coverage and effective results
  • Design, develop, and implement AI/ML-driven utilities and models to enhance source code analysis, predict vulnerabilities, and automate the validation of security findings
  • Write a formal security assessment report for each application
  • Direct the development and delivery of secure solutions by coordinating with business and technical teams
  • Collaborate with application teams to ensure that any identified security vulnerabilities are remediated in a timely manner
  • Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met
  • Research and explore new testing tools and methodologies
  • Act as a mentor to junior team members

Requirements:

  • 12+ years of relevant experience in web development, source code review, or application security testing
  • Deep understanding and proven expertise in application security principles, common vulnerabilities (e.g., OWASP Top 10, CWE), and secure coding practices
  • Development background in Java/J2EE, C#, .NET (and other relevant enterprise languages like Python, JavaScript/Node.js) in an enterprise environment
  • Strong understanding of DevSecOps principles, CI/CD pipelines, and integrating automated security tools, including AI/ML-driven solutions, into the Software Development Life Cycle
  • Experience using commercial enterprise automated security testing tools such as Burp, Fortify, Checkmarx, Blackduck, Snyk
  • Proficiency in leveraging SAST tools and experience with manual code review techniques and tools/IDEs to identify complex vulnerabilities
  • Demonstrated experience in AI/ML development, including data modeling, algorithm design, and implementation using Python and relevant libraries/frameworks (e.g., TensorFlow, PyTorch, scikit-learn)
  • Professional certifications, such as CISSP, CSSLP (highly preferred), GIAC, CEH, or willingness to obtain one
  • At least a bachelor's degree/university degree or equivalent experience

Nice to have:

Familiarity with natural language processing (NLP) techniques for code analysis

Additional Information:

Job Posted:
September 04, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work