UNIVERSAL Technologies is seeking an Application Security Analyst Lead for an onsite role in Brooklyn, NY or within the 5 boroughs to oversee application security risk evaluation and accreditation for systems involved in large-scale data center migration initiatives. This role focuses on governance, risk acceptance, vulnerability management, and ensuring applications meet enterprise and regulatory security standards prior to production deployment.
WHO WE ARE
UNIVERSAL Technologies, LLC is a Women-Owned (M/WBE) IT solutions and consulting company with over 15 years of experience delivering enterprise-grade technology solutions. We partner with public sector and commercial clients to provide high-quality IT services across Development, Business Analysis, Project Management, Cyber Security, Network Engineering, and Systems Architecture. Our mission is to become an extension of our clients' teams, delivering impactful and scalable solutions.
WHAT WE OFFER
- Competitive compensation
- Health, Dental, and Vision Insurance
- Group Life Insurance
- 401(K)
- HSA/FSA options
- Pre-Tax Transportation Program
- Generous PTO and holiday package
MANDATORY SKILLS / EXPERIENCE
- Minimum of 8 years of experience in Application Security aligned with standards such as OWASP and NIST
- Minimum of 8 years of experience in Secure Software Development Life Cycle (SSDLC)
- Minimum of 8 years of experience in Threat Modeling and Risk Assessments
- Minimum of 5 years of experience performing application vulnerability scanning (SAST, DAST)
- Minimum of 8 years of experience integrating security into CI/CD and DevSecOps environments (Azure, Jenkins)
- Minimum of 8 years of experience in API security and access control frameworks (OAuth, SAML, SSO)
- Minimum of 8 years of experience in cloud security architectures
- Minimum of 8 years of experience working with security frameworks and compliance standards (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)
- Minimum of 8 years of experience in vulnerability management, penetration testing, and security operations
- Minimum of 8 years of experience in incident response and security governance processes
- Minimum of 8 years of experience in Agile environments, project coordination, and stakeholder communication
- Hands-on experience with platforms including Windows Server, Linux, IIS, Apache, VMware, and Citrix
- Experience with development technologies including .NET, C#, JavaScript, Python, PowerShell, and web technologies
- Hands-on experience with security tools (required): Veracode, IBM AppScan, SD Elements, Burp Suite
- Experience with additional tools (preferred): Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7, STRIDE
SCOPE OF SERVICES
- Lead application security accreditation efforts for systems involved in data center migration initiatives
- Evaluate and analyze application vulnerability scan results to identify risks and security gaps
- Document vulnerabilities and define mitigation strategies and SLA timelines based on severity and business impact
- Assess whether identified vulnerabilities fall within agency risk tolerance levels
- Communicate findings and risk posture to business owners, IT leadership, and security stakeholders
- Develop and enforce risk mitigation strategies and compensating controls
- Validate remediation efforts with development teams and support security certification for production readiness
- Manage and enforce Risk Acceptance processes, including formal approval workflows with Business Owners, IT leadership, and CISO
- Ensure alignment with enterprise security policies, regulatory requirements, and compliance standards
- Support audit readiness and continuous improvement of application security governance practices
UNIVERSAL Technologies is an equal opportunity employer.