Application Security Analyst

LanceSoft, Inc. Colombia
Remote
This job is no longer active. This position is no longer accepting applications.

Job Description


Job Title: Application Security Analyst

Location: Bogota, Colombia

Work Mode: 100% Remote

Employment Type: Independent Contractor (hourly pay, no benefits, and you’re responsible for your own taxes)

Contract Duration: 12 months

Hours: 40 hours per week


About the Role

We are seeking an Application Security Analyst with strong expertise in identifying, analyzing, and remediating application vulnerabilities.

The ideal candidate should have a solid background in cybersecurity and software development, along with hands-on experience in application scanning tools and secure development practices.

This role requires a proactive professional who can collaborate effectively with engineering, product, and incident response teams to strengthen application security.


Requirements

  • Bachelor’s degree with at least 4 years of combined experience in cybersecurity and/or software development (or equivalent experience).
  • Practical understanding of application cybersecurity vulnerabilities and remediation planning.
  • Strong communication skills for collaboration with technical teams and third parties.
  • Familiarity with CI/CD platforms and build/deployment pipeline technologies.
  • Awareness of compliance and data privacy regulations (PCI DSS, GDPR, CCPA) and their impact on security.
  • General knowledge of common programming languages and paradigms (OOP, functional, concurrent).
  • Understanding of cloud environment security concepts such as secrets management, infrastructure as code, and serverless.
  • Experience with application scanning tools (static and dynamic) to interpret vulnerabilities and support remediation.
  • Basic knowledge of containers and container management tools (Docker, Kubernetes).
  • Knowledge of HTTP communication fundamentals.
  • Awareness of package management tools (npm, pip, apt, yum).
  • Strong experience with the software development lifecycle (SDLC).


Responsibilities

  • Monitor and analyze vulnerabilities in mobile and web applications using established scanning tools and processes.
  • Review scan results, verify risk levels, and recommend remediation strategies to application or engineering teams.
  • Participate in ongoing risk-based discussions with product owners, engineers, and stakeholders regarding application vulnerabilities.
  • Track and prioritize vulnerabilities based on timelines and business impact.
  • Apply existing application security scan profiles and policies (containers, SAST, DAST, pen testing).
  • Onboard new applications into scanning services, ensuring adherence to security standards.
  • Support awareness campaigns and training programs for secure development practices.
  • Provide input to engineering teams on secure coding and design principles, referencing OWASP Top 10.
  • Continuously monitor published vulnerabilities across applications, operating systems, and databases.
  • Assist in remediation prioritization, coordinate with stakeholders, and re-scan to verify fixes.
  • Collaborate with engineers on threat modeling, incident response, and root cause analysis.
  • Work with incident response teams to investigate application security incidents.
  • Document findings, track remediation progress, and support lessons learned for future prevention.

