[8PP] Senior Security Analyst - AI & Application Security

Company Description

We are Software Mind, an awesome team of engineers who are ready to ramp up any top-notch company’s projects! Our aim? To always be one step ahead. Become part of a multicultural company in constant growth with an excellent work environment certified by Great Place To Work!

Job Description

Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst- AI & Application Security.

In addition to a competitive salary rate and a positive work environment, we are committed to delivering high-quality technology solutions, we also offer:

• Flexible schedules
• An authentic work-life balance
• Payment in US Dollars

About the role:

We are seeking a Senior Security Analyst with experience in monitoring and analyzing network and system activity to detect security threats, with hands-on expertise using tools like CrowdStrike Falcon including its Next-Gen SIEM, Data Protection, CSPM, Threat Intelligence capabilities, Qualys, and Rapid7 SIEM, CI/CD pipeline hardening cloud security in AWS and/or Azure and security architecture. 

Experience implementing process improvements and driving program maturity aligned with NIST CSF 2.0 is essential. Familiarity with AI governance frameworks (ISO/IEC 42001, NIST AI RMF) and experience evaluating AI and SaaS tools for security and compliance risk is strongly desired. You should also have excellent communication, problem-solving, and analytical skills, as well as the ability to work independently and as part of a team.

#LI-DNI

Qualifications

Duties and responsibilities for the role include:

Application Security (AppSec) 

• Lead application security testing activities including SAST, DAST, and software composition analysis (SCA) across the SDLC.
• Coordinate and manage third-party penetration tests for web applications, APIs, and cloud infrastructure; track remediation to closure.
• Leverage Qualys for vulnerability scanning, asset discovery, and prioritized remediation tracking across application and infrastructure layers.
• Evaluate, implement, and manage a centralized application vulnerability management platform (such as DefectDojo) to consolidate findings from all scanning tools, penetration tests, and manual assessments into a single pane of glass view across the company's application portfolio; drive consistent tracking, prioritization, and remediation workflows across teams.
• Integrate security testing tooling into CI/CD pipelines — including pipeline hardening, automated scanning gates, and secrets detection.
• Conduct security architecture reviews for new features, integrations, and third-party components.

Security Operations & Detection

• Operate and optimize CrowdStrike Next-Gen SIEM for threat detection, alert triage, investigation, and incident response.
• Leverage CrowdStrike Threat Intelligence and Data Protection capabilities to identify, investigate, and contain emerging threats.
• Use Rapid7 for vulnerability management, risk prioritization, and reporting; correlate findings with CrowdStrike telemetry for enriched context.
• Conduct proactive threat hunting and perform root cause analysis on security incidents.
• Develop and refine detection rules, correlation logic, and response playbooks.
• Prepare and maintain security reports, logs, and documentation.

AI Tool Governance & Procured Technology Compliance

• Maintain and enforce the company's AI Tool Inventory; conduct periodic reviews to validate that all IT-procured and employee-adopted AI tools are catalogued, risk-classified, and reviewed against AI policies.
• Partner with Legal and IT to perform security reviews of AI and SaaS tools prior to onboarding; evaluate vendor security posture using UpGuard, complete AI-specific controls in vendor onboarding questionnaires, and document findings in the vendor risk register.
• Monitor procured AI tools and IT-managed platforms for compliance with data handling, access control, and logging requirements; identify and remediate gaps against SOC 2 Type II controls and ISO/IEC 42001 AI management system alignment.
• Support the classification and security review of internally developed and procured Copilot/AI agents using the company's agent publishing risk framework; assess data access scope, output risk, and integration security prior to production deployment.
• Apply and maintain the MCP Server Security Baseline for AI integrations and MCP connector deployments; review connector data flows, permission scopes, and audit logging to ensure compliance with established minimum security controls.
• Contribute to AI security awareness and policy enforcement activities, including monitoring adherence to the AI Dev Policy Controls initiative, supporting Netskope DLP policy tuning for AI-destined data flows, and escalating policy violations through appropriate channels.

Program Maturity & Process Improvement

• Drive measurable improvements in vulnerability management maturity — reducing MTTR, improving SLA adherence, and enhancing risk prioritization practices.
• Develop metrics, KPIs, and dashboards that demonstrate security program effectiveness to leadership and compliance stakeholders.
• Support alignment with NIST CSF 2.0 and contribute to ongoing compliance initiatives including SOC 2 Type II and ISO 27001 alignment.
• Document security processes, runbooks, and procedures to build repeatable, audit-ready workflows in Confluence.
• Identify opportunities for tooling consolidation, automation, and operational efficiency across the security program.
• Support SOC 2 audit lifecycle activities.
• Help implement and standardize security responses to security questionnaires using existing and new technologies.
• Work with CloudOps, IT, and Dev teams to ensure security measures are implemented and operating effectively.
• Other duties as assigned.

Required

-Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience.

-At least 5 years of experience as a Security Analyst or similar role, with a demonstrated focus on AppSec, security operations, and/or AI security.

-Hands-on experience with Qualys or equivalent for vulnerability scanning, asset management, and remediation tracking.

-Proficiency with CrowdStrike platform capabilities including Next-Gen SIEM, Data Protection, CSPM, AIDR, Falcon Shield, and Threat Intelligence.

-Experience with Rapid7 or equivalent vulnerability management platform for risk prioritization and/or incident detection.

-Cloud security experience in AWS and/or Azure including IAM, security group configurations, logging, and posture management.

-Experience hardening CI/CD pipelines and integrating AppSec tooling (SAST/DAST/SCA) into development workflows.

-Experience coordinating penetration tests and managing remediation lifecycle.

-Demonstrated ability to implement security process improvements and drive program maturity.

-Working knowledge of NIST CSF 2.0 and how to apply framework functions to operational security programs.

-Knowledge of security concepts, principles, and best practices, such as threat modeling, risk assessment, encryption, and authentication.

-Knowledge of common security vulnerabilities, threats, and attack vectors, such as phishing, ransomware, DDoS, and SQL injection.

-Excellent communication, problem-solving, and analytical skills.

-Ability to work independently and as part of a team.

-Certifications such as CISSP, OSCP, CEH, GCIH, GCFA, CrowdStrike CCFA/CCFH, or AWS Security Specialty are preferred; AI security certifications such as AAISPM or equivalent AI governance certification are a plus.

-Knowledge of AI/ML security considerations and AI governance frameworks including ISO/IEC 42001 and NIST AI RMF 1.0.

Job Skills/Requirements
- +90% English written and oral (at least B2 level) with excellent communication skills
- Strong security architecture background
- Experience with cloud platforms (Azure and AWS)
- Familiarity with AI tooling (e.g., Databricks)
- Solid understanding of security best practices
- Previous experience as a security architect
- Knowledge of secure coding practices
- Ability to work with internal /external teams to compile evidence to satisfy compliance audits 

Additional Information

Preferred

• Experience in a SaaS or cloud-native software company environment.
• Familiarity with SOC 2 Type II or ISO 27001 frameworks and their underlying control requirements.
• Experience with security architecture review processes and threat modeling (STRIDE, PASTA, etc.).
• Scripting or automation experience (Python, PowerShell, Bash) for security tooling integration.
• Experience with network security, zero trust architecture, or microsegmentation.
• Experience conducting vendor security assessments for AI and SaaS tools, including evaluation against AI governance frameworks and data handling controls.