Security Application Analyst

Role Overview

Join the Sofia cybersecurity team to perform security assessments on customer-facing applications. Focus on vulnerability management, code reviews, and compliance in a regulated betting environment.

Collaborate with developers to embed security in Agile workflows, minimizing risks across Java, .NET, Python, and PHP stacks.

Key Responsibilities

• Conduct SAST, DAST, and penetration testing using tools like Checkmarx, Burp Suite, OWASP ZAP, and Snyk.
• Review code, manage SCA for third-party libraries, and integrate security into CI/CD pipelines with Jenkins or Azure DevOps.
• Investigate incidents, support SOC operations, and ensure PCI DSS/ISO compliance while educating developers on OWASP Top 10 risks.

Required Qualifications

• 3+ years in software development (Java, .NET, Python, PHP) with transition to application security.
• Proficiency in SAST/DAST tools (SonarQube, Veracode, Semgrep), WAF configuration, and runtime monitoring (Contrast Security).
• Knowledge of secure frameworks (Spring, ASP.NET), Unix systems, and regulated industry standards.

Preferred Skills

• Experience with secrets detection, IaC security, and container scanning in gaming/betting sectors.
• Certifications like CSSLP, OSCP, or Security+; strong problem-solving and team collaboration.
• Familiarity with GitHub Actions and threat modeling.