Application Security Analyst

  • Charlotte, NC
  • Posted 5 hours ago | Updated 5 hours ago

Overview

On Site
75 - 78
Contract - W2
Contract - 12 Month(s)
No Travel Required
Unable to Provide Sponsorship

Skills

API
Burp Suite
OWASP
Vulnerability Management
Appsec

Job Details

Job Title: Application Security Analyst - Senior

Location: Charlotte, Atlanta

Duration: 4 months contract to hire

 

Description:

Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)

  • Intake management, onboarding support, coordination and consulting with development teams, maintaining scanning schedules and monitoring scan failures.

 

Bachelor's Degree: (Required, Preferred or Not Required)

  • Preferred.

Role Responsibilities: (what they will be doing)

  • Manage new API security intake requests, ensuring proper documentation and risk assessment.
  • Coordinate with development teams to gather additional technical details for security reviews.
  • Track and ensure timely responses between security and development teams for remediation and clarifications.
  • Maintain and optimize application security scanning schedules for APIs, containers, and applications.
  • Perform and validate DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) scans, analyze results, and drive remediation.
  • Oversee container security assessments, ensuring compliance with organizational standards.
  • Document findings, create actionable reports, and communicate risks effectively to technical and non-technical stakeholders.
  • Support knowledge transfer from outgoing consultants and ensure continuity of security processes.

 

Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)

  • Hands-on experience with API security testing and vulnerability management.
  • Strong knowledge of DAST and SAST tools (e.g., Burp Suite, OWASP ZAP, Veracode, Checkmarx, Fortify).
  • Familiarity with container security (e.g., Docker, Kubernetes, image scanning tools like Anchore or Trivy).
  • Proven ability to manage security intake processes and coordinate across multiple development teams.
  • Solid understanding of secure coding practices, OWASP Top 10, and API-specific security risks.
  • Excellent communication and stakeholder management skills for cross-team collaboration.
  • Ability to work independently and hit the ground running in a fast-paced environment.

Nice to Have Skills/Prior Experiences: (Hiring Manager DOES NOT require these skills/prior experience. However, candidates with any of these will be looked at first.)

  • Experience with CI/CD pipeline integration for security tools.
  • Knowledge of cloud-native security (AWS, Azure, Google Cloud Platform) and API gateways.
  • Familiarity with threat modeling and risk assessment methodologies.
  • Exposure to DevSecOps practices and automation of security testing.
  • Certifications such as CSSLP, GWAPT, or API Security Specialist.

 
