Demo

Application Security Analyst

Cloud and Things
York, NY Full Time
POSTED ON 4/21/2026
AVAILABLE BEFORE 9/29/2027
Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environment. Our team is on the forefront of helping to solve the government's most complex IT challenges. If you are seeking a role that offers the opportunity to work on rewarding projects, consider a career with Cloud and Things.  

*This is an exempt position. Salary commensurate with experience*

Overview:
Location: Hybrid - New York, NY
Salary: $125,000 - $150,000

We are seeking an Application Security Analyst who will support our client to audit, assess, and support the accreditation of applications transitioning to a new infrastructure environment. This role will analyze application security readiness, identify risks, and help ensure systems meet required security standards before deployment. The ideal candidate is detail-oriented, collaborative, and experienced in evaluating application security risks in complex technical environments.

Duties:
  • Evaluate Application vulnerability scan reports
  • Document application vulnerabilities found in scan reports and define vulnerabilities mitigation SLAs
  • Assess if the application vulnerabilities found in scan reports are within the Agency Risk Appetite
  • Communicate and report application vulnerability findings to Business Owner(s) and IT Heads
  • Develop application vulnerability mitigation strategy and mitigation controls to make the applications secure within the agency infrastructure environment
  • Evaluate mitigated application vulnerabilities with development teams to perform security accreditation for production deployment
  • Enforce Risk Acceptance Letter for applications seeking production deployment with unmitigated application vulnerabilities requiring approval from Business Owner(s), IT Head and CISO
Mandatory Qualifications:
  • Associates degree or combination of experience and education
  • 8 years of experience in Application Security & Industry Standards (OWASP, NIST)
  • 8 years of experience in Secured Software Development Life Cycle (SSDLC)
  • 8 years of experience in Threat Modelling & Risk Assessments
  • 5 years of experience in Application Scanning for Vulnerabilities (SAST, DAST)
  • 8 years of experience in Integration of Security in CI/CD Pipeline, DevOps, Dev SecOps (Azure, Jenkins)
  • 8 years of experience in API Security & Access Controls (OAuth, SAML, SSO)
  • 8 years of experience in Cloud Security
  • 8 years of experience in Security Frameworks (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)
  • 8 years of experience in Vulnerability Management & Penetration Testing
  • 8 years of experience in Incident Response & Security Operations
  • 8 years of experience in Security Training & Awareness
  • 8 years of experience in Agile Environment Collaboration
  • 8 years of experience in Project Management
  • 8 years of experience in Cross-Functional Team Collaboration
  • 8 years of experience in Client Engagement & Communication
  • 8 years of experience with Operating Systems: Windows Server, Apache, Microsoft IIS, Windows, Linux, VMware, Citrix
  • 8 years of experience with Technology Stack: ASP, .NET, Visual Basic.NET, Visual Basic, Cold Fusion, JavaScript, HTML, C , C#, MS PowerApps, Python, Powershell, Shell Scripting, Selenium
  • 8 years of experience with Security Tools — Must Have: VERACODE, IBM Appscan, SD Elements, Burp Suite
  • 8 years of experience with Security Tools — Plus to Have: CHEKMARX, Fortify, Prowler, SonarQube, SNYK, Wireshark, OWASP ZAP, Rapid7, STRIDE
Cloud and Things complies with all applicable federal, state, and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other category protected by applicable federal, state, or local laws. 

AI-Assisted Resume Evaluation Notice
Cloud and Things – Talent Management

Notice to Candidates
Cloud and Things utilizes artificial intelligence (AI) tools to assist our recruiting team in evaluating candidate applications for streamlining; consistency, efficiency, and thoroughness.  All hiring decisions are ultimately made by our human recruiting professionals.

How AI Is Used
Our AI tools assist by:
  • Analyzing resumes against job requirements
  • Supporting our recruiters in candidate data evaluation
  • Ensuring consistent review standards across all applications
Important: AI serves as a support tool only. As noted above, all candidate selection and hiring decisions are made by experienced human recruiters. Your unedited resume will be processed by our AI tools as part of this evaluation.

Your Data and Privacy

Cloud and Things Data Handling:
  • Your information is processed securely and used exclusively for recruitment purposes
  • Cloud and Things may store your resume in our Applicant Tracking System (ATS) indefinitely for future job matching opportunities
    • You may opt out of long-term ATS storage by emailing your name  and your request to opt out of storing your resume in the ATS to: security@cloudandthings.com
  • All personal information is handled confidentially in accordance with our privacy policy
AI Tool Data Processing:
  • AI processing data is retained for a maximum of 90 days, after which it is deleted
  • All data sent to AI tools is encrypted in transit and at rest
  • AI tools comply with applicable privacy laws including GDPR and CCPA
  • Personal data is anonymized or minimized wherever possible during AI processing
Your Participation
By submitting your application, you acknowledge this notice and consent to AI-assisted evaluation as part of our recruitment process. You may opt out only by choosing not to submit your resume for consideration.

Salary : $125,000 - $150,000

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Application Security Analyst?

Sign up to receive alerts about other jobs on the Application Security Analyst career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$77,991 - $108,747
Income Estimation: 
$111,725 - $147,313
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$111,725 - $147,313
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Cloud and Things

  • Cloud and Things Albany, NY
  • Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environmen... more
  • 1 Day Ago

  • Cloud and Things Albany, NY
  • Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environmen... more
  • 1 Day Ago

  • Cloud and Things York, NY
  • Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environmen... more
  • 1 Day Ago

  • Cloud and Things York, NY
  • Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environmen... more
  • 1 Day Ago


Not the job you're looking for? Here are some other Application Security Analyst jobs in the York, NY area that may be a better fit.

  • Uniplus Consultants Inc Brooklyn, NY
  • JOB TITLE: Application Security Analyst Tasks & Duties: Objective: o Audit and analyze and accredit HRA/DSS/DHS Applications being moved as part of the Dat... more
  • 8 Days Ago

  • V Group Inc. Brooklyn, NY
  • For more details, please connect with Kajal Verma at kajalv@vgroupinc.com or call at 609-564-2786. Client: NYC Department of Social Services Job Title: App... more
  • 8 Days Ago

AI Assistant is available now!

Feel free to start your new journey!