Firmenlogo

Application Security Analyst - Vulnerability Management bei Accurate

Accurate · Hyderabad, Indien · Hybrid

Jetzt bewerben

Description

When you join Accurate Background, you’re an integral part of making every hire the start of a success story. Your contributions will help us fulfill our mission of advancing the background screening experience through visibility and insights, empowering our clients to make smarter, unbiased decisions.

We are looking for a mid-level Application Security Analyst to support and scale our application vulnerability management program. This role is focused on triaging, prioritizing, and operationalizing findings from modern AppSec tooling, with a strong emphasis on developer enablement and signal quality.  The ideal candidate has hands-on experience working with SAST, DAST, SCA, Microsoft Defender, and AWS, and understands how to turn raw tool output into clear, actionable remediation guidance for engineering teams. This is a highly collaborative role that requires strong organization, confident communication, and the ability to work effectively with engineers and leaders who have strong opinions and competing priorities.

Responsibilities

  • Own the day-to-day triage and lifecycle management of application security findings across multiple tools
  • Analyze and triage findings from: SAST, SCA to identify dependency risk, exploitability, upgrade paths, secrets scanning and Microsoft Defender – application, container, and cloud workload findings
  • Validate findings for false positives, duplicates, environmental relevance, actual exploitability and impact
  • Prioritize vulnerabilities based on risk, asset criticality, and business context
  • Track remediation progress and enforce agreed-upon SLAs
  • Leverage an Application Security Posture Management (ASPM) platform to:
  • Correlate findings across application security tool set (SAST, DAST, SCA etc.)
  • Reduce noise and improve prioritization accuracy
  • Help maintain and improve risk scoring logic, findings normalization, exception and suppression workflows
  • Identify gaps in coverage, data quality, or process and propose improvements
  • Create and maintain reports and dashboards for different personas: developers (actionable, repo-level views), security leadership (risk posture, trends, SLA compliance) engineering leadership (program health, recurring issues)
  • Track and communicate metrics such as: Open vs. closed vulnerabilities, mean time to remediate (MTTR), recurring vulnerability patterns, tool signal-to-noise ratio
  • Provide clear, practical remediation guidance for developers, including:
  • What the issue is and why it matters
  • How to fix it (secure coding patterns, dependency upgrades, config changes)
  • When compensating controls or risk acceptance may be appropriate
  • Partner directly with development teams to:
  • Answer follow-up questions
  • Validate fixes
  • Reduce repeat findings through education and pattern identification
  • Serve as a security point of contact who is helpful, pragmatic, and technically credible
  • Communication & Influence
  • Communicate risk clearly and professionally to both technical and non-technical stakeholders
  • Confidently defend triage decisions and prioritization logic
  • Maintain composure and effectiveness when working with strong personalities
  • Push back respectfully when security risk is being underestimated or deprioritized

    • Qualifications

  • 3+ years of experience in Application Security, Vulnerability Management
  • Hands-on experience with appsec tool chain SAST, SCA, DAST (Appcheck, Mend.IO, SonorQube, Veracode, Snyk etc.) 
  • Working knowledge of application security fundamentals:
  • OWASP Top 10
  • Common CWEs and CVEs
  • Strong organizational skills with the ability to manage and prioritize large vulnerability backlogs
  • Ability to translate technical findings into clear remediation guidance
  • Experience using or operating within an ASPM platform
  • Familiarity with CI/CD pipelines and GitHub-based workflows
  • Experience reducing false positives and tuning AppSec tools
  • Exposure to containerized or microservices-based architectures
  • Comfort working in fast-paced engineering environments
  • Experience operating in AWS-based environments
  • Strong written and verbal communication skills

    • Working Conditions

  • This position is a hybrid, based in the Hyderabad, India. Requiring 2 days a week in the office.
  • The Information Security Engineer may be required to work flexible hours to accommodate different time zones or urgent situations.

    • Please note that the above job description represents a general overview of the responsibilities and requirements for this position at Accurate Background. Duties and qualifications may vary based on specific business needs and organizational changes.

    Additional Information

    The Accurate Way:

    We offer a fun, fast-paced environment, with lots of room for growth. We have an unwavering commitment to diversity, ensuring everyone has a complete sense of belonging here. To do this, we follow four guiding principles – Take Ownership, Be Open, Stay Curious, Work as One – core values that dictate what we stand for, and how we behave. 

    Take ownership.

    Be accountable for your actions, your team, and the company. Accept responsibility willingly, especially when it’s what’s best for our customers. Give others every reason to trust you, believe in you, and count on you. Rise to every occasion with your personal best.

    Be open.

    Be open to new ideas. Be inclusive of people and ways of doing things. Make yourself accessible and approachable, and communicate with genuineness, transparency, honesty, and respect. Embrace differences.

    Stay curious.

    Stay curious even as you move forward. Tirelessly ask questions and challenge the status quo in your pursuit of new ideas, ways to solve problems, and to continually grow and improve.

     Work as one.

    Work together to create the best customer and workplace experience. Put our customers and employees first—before individual or departmental agendas. Make sure they get the help they need to succeed.

     About Accurate Background:

    Accurate Background’s vision is to make every hire the start of a success story. As a trusted provider of employment background screening and workforce monitoring services, Accurate Background gives companies of all sizes the confidence to make smarter, unbiased hiring decisions at the speed of demand. Experience a new standard of support with a dedicated team, comprehensive technology and insight, and the most extensive coverage and search options to advance your business while keeping your brand and people safe.

    Special Notice:

    Accurate is aware of schemes involving fraudulent job postings/offers and/or individuals or entities claiming to be employees of Accurate. Those involved are offering fabricated employment opportunities to applicants, often asking for sensitive personal and financial information. If you believe you have been contacted by anyone misrepresenting themselves as an employee of Accurate, please contact [email protected].

    - Please be advised that all legitimate correspondence from an Accurate employee will come from "@accurate.com" email accounts.
    - Accurate will not interview candidates via text or email. Our interviews are conducted by recruiters and leaders via the phone, Zoom/Teams or in an in-person format.
    - Accurate will never ask candidates to make any type of personal financial investment related to gaining employment with the Company.
    Jetzt bewerben

    Weitere Jobs

    Firmenlogo

    Customer Support Engineer

    Turvo · Hyderabad,

    Firmenlogo

    Lead Business Process Analyst

    Gohighlevel · India,

    Firmenlogo

    Application Security Engineer

    Accurate · Hyderabad,