Senior Analyst - Application Security

**Senior Analyst - Application Security** Experience: 5-7 years Location: India - Remote **AboutArmorCode** ArmorCode is a hyper-growth startup with a line-up of marquee customers that are an envy of even Fortune 500 companies. Our customers range from fast-paced digital native companies to #1 brands across three major global categories. ArmorCode provides the industry’s leading AppSecOps platform delivering AppSec at the speed of DevSecOps. Since its founding in 2020 in PaloAlto, California by serial entrepreneurs with a successful track record of starting and growing startups, ArmorCode has won numerous awards including SINET 16, Globee IT & Disruptor Awards, Hot Start-up of the Year award, and the TiE50 Award. ArmorCode was spotlighted on the iconic Nasdaq tower and was included in Gartner's AppSec Hype Cycle under Application Security Orchestration and Correlation tool (ASOC) category. Application security is one of the fastest growing sub-segments within the fast-growing cybersecurity market, and we are a clear market leader in our category because of the platform-based architecture. In a world that is getting digitally transformed, application visibility and application security posture management are foundational and are a perfect launch pad for long-term career success. At ArmorCode you will find passionate problem-solvers who embody our core values: Hunger, Humility, and Humanity. **Our Product** Agile DevOps, Cloud Deployment, Microservices and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface. This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches and losses. The ArmorCode AppSecOps platform is the solution to this challenge. We provide AppSec teams with the visibility, actionable insight, automation, and integration needed to build, deliver, and scale an effective and efficient AppSec program across the entire organization, as well as the DevSecOps pipeline. ArmorCode's next-generationAppSecOps is the only platform that consolidates multiple key AppSec needs(Application Security Posture Management, Unified Vulnerability Management,DevSecOps Orchestration, and Continuous Compliance) into a single-pane-of-glass to minimize tooling and alerts while maximizing agility, efficiency, and cost-efficacy. With it, enterprises radically simplify and accelerate their application security while drastically cutting costs. Our platform is loved by global brands & category leaders, backed by leading VC firms, and powered by security experts. Our Mission ArmorCode's mission is to help organizations ship software fast and ship it securely, no matter where it is built, how it is built, or who builds it. We invite eager talent ready for this challenge to join our team and power our rocketship. **Job Description** The Security and Compliance Lead will be responsible for the compliance and Information Security of ArmorCode, including protecting client data. The Security and Compliance Lead has the responsibility of leading junior staff and assisting senior leadership in the design, evaluation, development, implementation and operational aspects of process standards, procedures and guidelines supporting the company's information security plan and SOC – II, ISO 27001, GDPR, CCPA compliance. **What You’ll Do:** * Closely work with Developer and DevOps to ensure security by design and security by default * Hands on experience in application security operations * Understanding of Security code review * Triaging of security findings, contextualize impact & applicability to ArmorCode Inc. * Assist Risk owner to design plan of action & risk mitigation steps to fix findings * Manage technical security solutions such as SIEM, EDR, MDM, DLP, Anti malware * Monitor alerts through security tools and take appropriate actions * Investigation of logs/continuous monitoring of logs to identify intrusions, sensitive data and malicious activity. * Review & follow Incident response plan & understanding about Cyber Forensics * Conduct OWASP top 10 trainings * Conduct threat modeling * Participate in red teaming exercises **Qualification and Requirements** * 5 - 7 Years in Security Operations, VAPT, Blue teaming * BS in Computer Science/MIS (or equivalent education/work experience) * Industry standard security certifications (CEH,OSCP, ISO 27001 LA, etc.) * Excellent written, verbal communications skills, listening and interpersonal skills * Well organized strong problem analysis and decision-making ability. * Experience with AWS cloud security standards, configurations and tools * Good knowledge of IT Security and compliance including procedures around the following: i) Incident Management Procedures ii) Malware analysis iii) Forensics analysis iv) Social Engineering Campaign v) Security Awareness **What We Offer** In addition to a competitive compensation package for this role, candidates will have an opportunity to directly and significantly influence application security space, and diversify skill sets by taking on new and exciting challenges. * Competitive salary and bonus * Stock options * Medical Insurance * Work from home Remote flexibility – Based in India If you want to join a rocket ship that is on a hyper growth trajectory, send a note and your resume to jobs@armorcode.io

Agile DevOps, cloud, microservices, and open source have all dramatically accelerated application delivery and complexity. Today’s security teams depend on a collection of point products that each represent an overlapping piece of the puzzle and lead to siloed manual processes within security teams and across the organization. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect their ever-changing and growing risk surface. The AI-powered ArmorCode ASPM Platform is the solution to this challenge. The ArmorCode ASPM Platform powers a new model for reducing risk and complexity. It integrates with your security scanners across applications, infrastructure, and cloud to aggregate, correlate, and orchestrate findings in a single platform so security and development teams can realize holistic visibility, flexible agility, and cross-team collaboration. Companies of all sizes scale their security effectiveness by more than 10x and maximize their ROI on existing security investments through managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance. With billions of findings processed, ArmorCode's customers range from marquee Fortune 500 companies, including #1 brands in their respective categories, to hyper-growth cloud-native technology companies. ArmorCode is the founding member of the Purple Book Community.