Job Closed
This listing is no longer active.
Omilia is the leading provider of Natural Language Understanding enabled IVR & natural dialogue interaction solutions.
Senior Product Security Analyst
Location
United States
Posted
139 days ago
Salary
0
Seniority
Senior
Job Description
Senior Product Security Analyst
Omilia - Conversational Intelligence
• We are seeking a highly capable and pragmatic Senior Product Security Analyst to safeguard our products, platforms, and customers as we scale. • This is a senior individual contributor role with clear accountability and decision-making authority, responsible for independently identifying, assessing, and driving resolution of security risks across the product lifecycle. • Reporting to the Director, Product Security, you will act as the primary application and product security owner for assigned products, partnering closely with engineering, product management, cloud, and platform teams. • You will embed application-focused security practices into design and delivery, exercise sound technical and risk judgment in release decisions, and play a key role in advancing the maturity, consistency, and resilience of our product security capabilities in a fast-growing environment. • Act as the primary application and product security partner for assigned products and services, owning end-to-end security reviews from design through release. • Lead application-focused security assessments, including architecture reviews, threat modeling, and secure design validation for APIs, microservices, and SaaS platforms. • Independently assess security risk and approve, delay, or block releases when required, escalating decisions where business urgency or customer commitments necessitate alignment. • Provide authoritative, risk-based guidance to engineering teams, helping them understand not just what needs to be fixed, but also include security and risk context. • Own vulnerability triage and prioritization for assigned products, ensuring findings are contextualized based on exploitability, exposure, and business impact. • Interpret results from application security testing activities (SAST, DAST, SCA, manual reviews), translating technical findings into actionable remediation guidance. • Monitor relevant external threats, attack techniques, and vulnerability trends, proactively assessing applicability to products and platforms. • Support investigation and remediation of product- and application-related security incidents. • Partner with engineering, platform, and cloud teams to embed secure-by-design practices into the SDLC, with a strong emphasis on application-layer controls. • Apply hands-on technical judgment to validate engineering assumptions, challenge risk decisions, and ensure security controls are implemented effectively. • Contribute to the evolution of application security standards, guardrails, and review practices that scale across multiple product teams. • Support alignment of application and product security practices with applicable frameworks such as PCI DSS and GDPR, focusing on practical security outcomes rather than checkbox compliance. • Translate internal controls into actionable engineering requirements and support evidence collection for audits and assessments as needed. • Coordinate and support penetration testing, bug bounty programs, and third-party security assessments, ensuring timely remediation and risk closure. • Build trusted, durable relationships with product, engineering, cloud, platform, and CGRC teams. • Clearly articulate security risk, trade-offs, and remediation options to both technical and non-technical stakeholders. • Contribute to the long-term maturity of the product and application security program through pattern recognition, continuous improvement, and shared learning.
Job Requirements
- 5+ years of experience in application security, product security, or a closely related domain.
- Strong practical understanding of secure SDLC, application security principles (e.g., OWASP Top 10), threat modeling, vulnerability management, and security risk assessment.
- Demonstrated experience owning end-to-end security reviews for applications or products, including release decision support.
- Hands-on familiarity with application security testing approaches (SAST, DAST, SCA), with the ability to interpret findings and assess real-world risk.
- Experience working with cloud-native SaaS environments, preferably AWS, including API driven and microservice based architectures.
- Working knowledge of PCI DSS and GDPR, with experience translating security and compliance requirements into engineering practices.
- Ability to apply independent technical and risk judgment, including challenging assumptions and driving remediation.
- Strong communication skills, capable of engaging both engineers and business stakeholders.
- Experience working in agile or iterative development environments.
- Strong verbal and written communication skills in English.
- Willingness to collaborate across distributed teams and time zones with reasonable flexibility.
- Nice to have
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field.
- Relevant certifications such as CCSP, CSSLP, AWS Certified Security, or AWS Solutions Architect.
- Experience with manual application security testing, secure design reviews, or API security analysis.
- Exposure to customer-facing SaaS platforms with regulatory or data protection requirements.
- Familiarity with AI-enabled or data-intensive systems, including emerging application security and privacy considerations.
- Experience contributing to the evolution of security standards, review patterns, or guardrails across multiple teams or products.
- Background in quickly evolving organizations that rapidly scale and mature security and compliance practices.
Benefits
- Fixed compensation;
- Long-term employment with the working days vacation;
- Development in professional growth (courses, training, etc);
- Being part of successful cutting-edge technology products that are making a global impact in the service industry;
- Proficient and fun-to-work-with colleagues;
- Apple gear.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
• This is a remote position. • You will be responsible for assisting the IT Security team with day-to-day IT security tasks and tool monitoring. • A part of your job role will be to ensure that the company's digital assets are protected from unauthorized access. • This includes securing both cloud and on-premises infrastructures, weeding through metrics and data to filter out suspicious activity, and finding and mitigating risks before breaches occur. • You will work with the infrastructure team to assist them with the security implementations in our IT infrastructure. • You will be responsible for assisting your team in setting security standards and maintaining computer networks while protecting the company from cyber-attacks. • You will be required to participate in security audits and help customers resolve their queries regarding the security landscape within the organization. • Other specific responsibilities include: Monitoring security access and various security tools to resolve the generated alerts. • Performing risk analysis and determining security gaps. • Assisting with cybersecurity compliance and governance. • Assist in maintaining security policies and documentation. • Analyzing security breaches to identify the root cause. • Verifying the security of third-party vendors and collaborating with them to meet security requirements.
• Investigate and respond to escalated security incidents across Microsoft cloud and on-premises environments • Perform advanced incident analysis using Microsoft Defender suite and Azure Sentinel • Conduct security assessment of Azure/Microsoft 365 configurations and implement hardening recommendations • Analyze and respond to advanced Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket) • Monitor and investigate Exchange Server logs, email flow patterns, and phishing campaigns • Analyze federation security including ADFS token-based attacks and SAML token manipulation • Configure and tune WAF/firewall rule sets and investigate related security incidents • Develop network segmentation strategies and identify lateral movement attempts • Develop and maintain incident response playbooks for various attack scenarios • Coordinate incident response activities with cross-functional teams
• Provides leadership and guidance to the IAM Security team, organization and business partners on Sharp HealthCare's Identity and Access Management (IAM) and Epic Security strategy; ensuring policies and security standards are met • Responsible for the design, implementation, and maintenance of identity and access management systems, ensuring authorized individuals have appropriate access to systems and data • Efficiently and effectively, respond to IAM and Epic Security incidents, service requests, application access requests and audits • Provides leadership and support to peers as well as various other departments of the organization • Responsible for coordinating activities with multiple IT teams and Sharp departments to develop, maintain, support, and enhance Epic access and security
Applications Security Analyst III – Senior
Boston Medical Center (BMC)We’re providing accessible and exceptional care to make a healthier Boston.
• Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage • Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately • Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability • Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy • Develop and maintain standardized access patterns Attribute Based Access Control (ABAC) /templates, privileged/elevated access controls) aligned to least privilege • Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions • Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve • Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps • Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans • Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready” (clean entitlements, requestable roles, approvals, constraints, and edge-case handling) • Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students) • Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails • Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices • Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement.
