What are the responsibilities and job description for the Application Security Analyst position at Cloud and Things?
Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environment. Our team is on the forefront of helping to solve the government's most complex IT challenges. If you are seeking a role that offers the opportunity to work on rewarding projects, consider a career with Cloud and Things.
*This is an exempt position. Salary commensurate with experience*
Overview:
Location: Hybrid - New York, NY
Salary: $125,000 - $150,000
We are seeking an Application Security Analyst who will support our client to audit, assess, and support the accreditation of applications transitioning to a new infrastructure environment. This role will analyze application security readiness, identify risks, and help ensure systems meet required security standards before deployment. The ideal candidate is detail-oriented, collaborative, and experienced in evaluating application security risks in complex technical environments.
Duties:
- Evaluate Application vulnerability scan reports
- Document application vulnerabilities found in scan reports and define vulnerability mitigation SLAs
- Assess if the application vulnerabilities found in scan reports are within the Agency Risk Appetite
- Communicate and report application vulnerability findings to Business Owner(s) and IT Heads
- Develop application vulnerability mitigation strategy and mitigation controls to make the applications secure within the agency infrastructure environment
- Evaluate mitigated application vulnerabilities with development teams to perform security accreditation for production deployment
- Enforce the Risk Acceptance Letter for applications seeking production deployment with unmitigated application vulnerabilities, which requires approval from the Business Owner(s), IT Head and CISO
Qualifications:
- Associate's degree or combination of experience and education
- 8 years of experience in Application Security & Industry Standards (OWASP, NIST)
- 8 years of experience in Secured Software Development Life Cycle (SSDLC)
- 8 years of experience in Threat Modelling & Risk Assessments
- 5 years of experience in Application Scanning for Vulnerabilities (SAST, DAST)
- 8 years of experience in Integration of Security in CI/CD Pipeline, DevOps, DevSecOps (Azure, Jenkins)
- 8 years of experience in API Security & Access Controls (OAuth, SAML, SSO)
- 8 years of experience in Cloud Security
- 8 years of experience in Security Frameworks (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)
- 8 years of experience in Vulnerability Management & Penetration Testing
- 8 years of experience in Incident Response & Security Operations
- 8 years of experience in Security Training & Awareness
- 8 years of experience in Agile Environment Collaboration
- 8 years of experience in Project Management
- 8 years of experience in Cross-Functional Team Collaboration
- 8 years of experience in Client Engagement & Communication
- 8 years of experience with Operating Systems: Windows Server, Apache, Microsoft IIS, Windows, Linux, VMware, Citrix
- 8 years of experience with Technology Stack: ASP, .NET, Visual Basic.NET, Visual Basic, ColdFusion, JavaScript, HTML, C , C#, MS PowerApps, Python, PowerShell, Shell Scripting, Selenium
- 8 years of experience with Security Tools — Must Have: Veracode, IBM AppScan, SD Elements, Burp Suite
- 8 years of experience with Security Tools — Plus to Have: Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7, STRIDE
AI-Assisted Resume Evaluation Notice
Cloud and Things – Talent Management
Notice to Candidates
Cloud and Things utilizes artificial intelligence (AI) tools to assist our recruiting team in streamlining the evaluation of candidate applications for consistency, efficiency, and thoroughness. All hiring decisions are ultimately made by our human recruiting professionals.
How AI Is Used
Our AI tools assist by:
- Analyzing resumes against job requirements
- Supporting our recruiters in candidate data evaluation
- Ensuring consistent review standards across all applications
Your Data and Privacy
Cloud and Things Data Handling:
- Your information is processed securely and used exclusively for recruitment purposes
- Cloud and Things may store your resume in our Applicant Tracking System (ATS) indefinitely for future job matching opportunities
- You may opt out of long-term ATS storage by emailing your name and your request to opt out of storing your resume in the ATS to: security@cloudandthings.com
- All personal information is handled confidentially in accordance with our privacy policy
- AI processing data is retained for a maximum of 90 days, after which it is deleted
- All data sent to AI tools is encrypted in transit and at rest
- AI tools comply with applicable privacy laws including GDPR and CCPA
- Personal data is anonymized or minimized wherever possible during AI processing
By submitting your application, you acknowledge this notice and consent to AI-assisted evaluation as part of our recruitment process. You may opt out only by choosing not to submit your resume for consideration.