We deliver uncompromising care and lasting partnerships across acute and post-acute settings.
Application Security Analyst
Location
United States
Posted
20 hours ago
Salary
$75K - $110K / year
Seniority
Senior
Job Description
Application Security Analyst
Sound Physicians
• Integrate security controls and automated checks into CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), secret scanning, container security scanning, and Infrastructure-as-Code (IaC) validation • Partner with developers and platform engineers to identify, prioritize, and remediate application, API, container, and cloud security risks early in the development lifecycle • Perform application security assessments, architecture reviews, and threat modeling exercises for new and existing applications • Conduct secure code reviews and provide guidance on secure coding practices aligned with OWASP Top 10, CWE, and industry standards • Support vulnerability management by validating findings, reducing false positives, tracking remediation, and helping define risk-based service-level expectations • Create and maintain documentation, standards, playbooks, and training materials related to application security, secure development, and DevSecOps practices
Job Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field
- 4+ years of experience in application security, DevOps, cloud security, security engineering, or a related cybersecurity role
- Knowledge of scripting and programming languages such as Python, PowerShell, Java, JavaScript, C#, or Go is highly desirable and considered a plus
- Strong understanding of application security concepts, secure coding practices, and common attack vectors
- Familiarity with cloud platforms such as Azure and AWS
- Familiarity with CI/CD platforms such as Azure DevOps, GitHub Actions, GitLab CI, or Jenkins
- Knowledge of OWASP Top 10, OWASP API Security Top 10, MITRE ATT&CK, and NIST Cybersecurity Framework
- Familiarity with common static and dynamic application security tools
- Experience with application security platforms such as Veracode, Checkmarx, Fortify, SonarQube, Snyk, Mend, Burp Suite, Rapid7 InsightAppSec, or similar tools
- Experience securing containerized applications and platforms (Docker, Kubernetes, OpenShift, AKS, EKS, or GKE), including container image scanning, runtime security monitoring, admission controls, and Kubernetes security best practices
- Ability to analyze security findings, assess risk, and communicate remediation recommendations effectively to technical and non-technical stakeholders
- Familiarity with AI-assisted development processes and appropriate security controls
- Strong written and verbal communication skills
Benefits
- Medical insurance
- Dental insurance
- Vision insurance
- Health care and dependent care flexible spending account
- 401(k) retirement savings plan with a company match
- Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
- Ten company-paid holidays per year
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Security Analyst
NCC GroupA global team at the heart of cyber innovation, together we create a more secure digital future
Role Description As a Bug Bounty Analyst, you will act as the first line of validation for vulnerability submissions. You will work directly with the Bug Bounty researcher community to accurately reproduce and validate submissions and provide clients with technical writeups for any actionable findings. When triaging vulnerability submissions, analysts must assess the reproducibility, the real-world security impact, and that the reported issue is in scope so that submissions can be successfully filtered prior to escalating to the client. Bug Bounty Analysts serve as a trusted intermediary between the researcher community and the client and therefore must have strong technical capabilities balanced with the ability to deliver clear, professional communication. Key Responsibilities - Reproduce reported vulnerabilities in a controlled manner to confirm their validity. - Ensure that all validated reports meet quality standards for clarity, accuracy, and reproducibility before escalation to the client. - Communicate professionally and constructively with the security researcher community, requesting information and providing clarification where needed. - Communicate clearly and professionally with Enterprise clients ensuring that technical details are understood. - Identify and appropriately handle out-of-scope reports, duplicates, and low-quality AI submissions. - Manage client queues to meet agreed response and validation timeframes. - Author and deliver NCC-quality vulnerability reports to the specifications of individual clients. - Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality. Qualifications - Excellent written and verbal communication skills. - Proven experience in web application, network, and mobile application security testing. - Strong knowledge in OWASP Top 10. - Recent professional experience that required regular use of a programming scripting language (E.g., Python, JavaScript). - Vulnerability Disclosure and Bug Bounty experience. - Vulnerability Management experience is a plus. - Software QA experience is a plus. - Experience with SAST and DAST testing tools is a plus. Benefits - Flexible Working: Balance your work and personal life with our flexible working options. - Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave. - Medicash & Critical Illness Scheme. - Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme. - Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities. - Green Car Scheme: Drive green and save money with our eco-friendly car scheme. - Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme. - Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet. - Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
Role Description Under supervision, the Digital Forensics Intelligence Analyst analyzes evidence, crime reports, and databases to assist agents, law enforcement officers, and prosecutors in the investigation and successful prosecution of crime. - Identify criminal activity trends and linkages. - Assess cases to determine what type of data should be collected and the method of collection required as directed. - Operate case management system. - Provide analysis on data from computers, cell phones, and all other communications. - Retrieve and manage crime database information and ensure it is maintained on case intake and dispositions. - Review cases to provide the best method of visually portraying events, i.e., link diagrams, events, and association charts. - Utilize specialized computer software to analyze and organize information. - Perform other duties as assigned. Qualifications - High school diploma or GED. - A minimum of 3 years of experience in a related field/setting. Requirements - Computer proficiency. - Attention to detail. - Time management and prioritizing skills. - Ability to use good judgment and strong interpersonal skills. - Self-motivated with the ability to work with minimal supervision. - Exceptional oral and written communications skills. - Must be able to pass and maintain a background check and polygraph administered by the State Department of Corrections. Preferred Qualifications - A bachelor’s degree in digital forensics or related field. - Proficient in Excel. Physical Requirements While performing the duties of this job, the employee is regularly required to: stand, sit, talk, hear, and use hands and fingers to operate a computer, telephone, and a variety of office equipment. Occasionally may need to reach, stoop, or kneel. Benefits - Salary range: $20.90 - $23.82/hr based on experience and qualifications. - Health Insurance. - 401(k). - Disability. - Life Insurance. - Paid Time Off. - Voluntary Benefits.
• Responsible for complex level work supporting information technology applications through planning, designing, implementing, maintaining, and providing ongoing optimization and support • Provide advanced technical support, configuration, integration, and maintenance for healthcare applications throughout their lifecycle • May manage small and mid-sized projects related to these applications and technologies • Document and recommend workflow changes and technical/functional designs • Partner with external vendors to support third-party applications • Solve common and complex issues and serve as PM for mid-size projects • Oversee configuration of electronic and mechanical hardware with software products
Principal Security Analyst - Governance, Risk, and Compliance
BlackbaudBlackbaud is a large, private company founded in 1981 to provide technology solutions to nonprofit organizations. The company helps its clients with fundraising, relationship manag
Role Description The Cyber Security Governance, Risk, and Compliance (GRC) team is looking for a Principal Security Analyst to be a key member of a critical security program responsible for security risk and compliance activities across the entire enterprise. The role will require working with various company stakeholders to build and mature the processes of preparing for how Blackbaud identifies, documents, and assesses risk across the organization and determine the strength of our control framework and implementation. - Champion the security risk quantification program and process to enable informed decision making across the organization. - Articulate security risk through the development of Key Risk Indicators (KRIs) and report to multiple stakeholder groups, including the Executive Leadership Team (ELT) and Board of Directors. - Develop, assess, and implement cybersecurity controls and procedures required to protect the confidentiality, integrity, and availability of Blackbaud data. - Lead and coordinate internal and external security, compliance, and regulatory assessments, including customer audits, independent attestations, certification audits, and third party reviews. - Serve as the primary liaison with assessors and stakeholders to ensure successful completion of assessment activities and remediation efforts. - Act as a key stakeholder in corporate governance forums and committees by serving as an active advocate for cybersecurity practices, risk management, and policy compliance. - Partner with control owners to continuously monitor control implementations, assess effectiveness, and track noncompliance issues through resolution. - Enhance change management processes to socialize, communicate, and educate stakeholders on policy, standard, and procedure updates. - Identify opportunities to strengthen and mature the organization's governance, risk, and compliance programs through continuous improvement initiatives and industry best practices. Qualifications - 8+ year’s experience in Information Technology and/or Security - 3+ year's experience in leading audit/ assessment projects - 3+ year’s experience in risk management frameworks (i.e., NIST CSF) - 2+ year’s experience in quantitative risk management frameworks (FAIR, OCTAVE, etc.) - Experience in corporate GRC solutions (Archer, ServiceNow, etc.) - Experience in financial services, or other highly regulated industries (i.e. SOX, SOC, PCI DSS) - Experience working in an agile team - Demonstrated understanding of cyber risks and implementing mitigation plans - Possesses effective communication and presentation skills - Ability to handle multiple priorities and high stress situation - Industry Certifications like: CISSP, CRISC, CISM/CISA, AWS certification(s), Azure certification(s) Benefits - Medical, dental, and vision insurance - Remote-flexible workforce - Wellness Programs - 401(k) program with employer match - Flexible paid time off - Generous Parental Leave - Donations for Doers - Pet insurance, legal and identity protection - Tuition reimbursement program



