Security Application Analyst

Role Overview

Join the Sofia cybersecurity team to perform security assessments on customer-facing applications. Focus on vulnerability management, code reviews, and compliance in a regulated betting environment.

Collaborate with developers to embed security in Agile workflows, minimizing risks across Java, .NET, Python, and PHP stacks.

Key Responsibilities

• Conduct SAST, DAST, and penetration testing using tools like Checkmarx, Burp Suite, OWASP ZAP, and Snyk.
• Review code, manage SCA for third-party libraries, and integrate security into CI/CD pipelines with Jenkins or Azure DevOps.
• Investigate incidents, support SOC operations, and ensure PCI DSS/ISO compliance while educating developers on OWASP Top 10 risks.

Required Qualifications

• 3+ years in software development (Java, .NET, Python, PHP) with hands-on source code review and transition to application security.
• Proficiency in SAST tools (SonarQube, Checkmarx, Semgrep) integrated into CI/CD pipelines, SCA tools (Snyk, Black Duck), and WAF configuration.
• Knowledge of secure frameworks (Spring, ASP.NET), Unix systems, and regulated industry standards.

Preferred Skills

• Experience with IaC security (Terraform, CloudFormation scanning), container/image security (Docker, Kubernetes), and penetration testing.
• Familiarity with CI/CD platforms (GitHub Actions, GitLab, Jenkins) and implementing security gates in DevSecOps pipelines.
• Certifications like CSSLP, OSCP, or Security+; strong problem-solving and team collaboration.