[8PP] Senior Security Analyst – Application Security & DevSecOps

Software Mind is a global digital transformation partner, providing software development services and expert teams to companies across various industries. Founded in 1999 and headquartered in Krakow, Poland, the company has expanded its operations throughout Europe, the US, and Latin America.

Employee count: 1001-5000

Costa Rica only

Overview
Software Mind is seeking qualified candidates to fill the role of Senior Security Analyst – Application Security & DevSecOps.

In addition to a competitive salary rate, a positive work environment, and our commitment to delivering high-quality technology solutions, we also offer:

  • Flexible schedules
  • An authentic work-life balance
  • Payment in US Dollars

Senior Security Analyst – Application Security & DevSecOps

About the Role

We are seeking a Senior Security Analyst with a strong background in Application Security and DevSecOps, focused on embedding security throughout the software development lifecycle. This is not a traditional SecOps monitoring role — the ideal candidate is someone who partners closely with engineering teams, drives security program maturity, and can assess technology risk at both a technical and strategic level.

Key Responsibilities

SSDLC Maturity & Developer Enablement

  • Partner with development teams to embed secure coding practices throughout the SDLC, shifting security from a final gate to a shared, integrated responsibility
  • Assess current development practices against Secure SDLC standards, identify gaps, and drive a phased maturity roadmap with measurable milestones
  • Lead developer enablement initiatives — secure coding guidance, threat modeling, and a security champions program — that build durable capability within engineering teams
  • Integrate and tune SAST, DAST, SCA, and secrets scanning in CI/CD pipelines (Azure DevOps, Bitbucket) to deliver fast, in-workflow feedback with minimal friction

Product & Technology Security Review

  • Evaluate prospective products, platforms, SaaS tools, and developer tooling to confirm alignment with security best practices before adoption
  • Conduct architecture and design reviews, assessing authentication, authorization, data handling, encryption, logging, and multi-tenancy considerations
  • Review third-party and supply chain risk — dependencies, integrations, AI/ML components, and vendor security posture — and define conditions for safe use
  • Produce clear, risk-based assessments and recommendations (approve, approve-with-conditions, or reject) for engineering and security leadership
  • Partner with vendor risk and compliance functions to align product reviews with SOC 2 and broader control requirements

Cloud & Pipeline Security

  • Implement policy-as-code guardrails and infrastructure-as-code security controls across Azure/M365 cloud environments
  • Drive cloud posture improvements — configuration hardening, CIS benchmark alignment, WAF, and network segmentation
  • Establish supply chain security controls including dependency governance and code signing

What We're Looking For

Required

  • 5+ years of experience in Application Security, DevSecOps, or a similar role
  • Demonstrated experience maturing an engineering organization through Secure SDLC adoption — not just deploying tools
  • Hands-on AppSec and DevSecOps background: SAST/DAST/SCA, CI/CD pipeline security, secrets management
  • Strong product and technology security review experience — ability to assess a new platform or tool and articulate concrete risks and mitigations
  • Experience with CI/CD and source control tooling (Azure DevOps, Bitbucket, or equivalents)
  • Familiarity with secure development frameworks (NIST SSDF, OWASP SAMM/ASVS, BSIMM)
  • Cloud security experience in AWS and/or Azure
  • Strong collaboration and communication skills — able to coach developers and present risk to both technical and executive audiences
  • +90% English proficiency (written and spoken, minimum B2 level)

Preferred

  • Experience in a SOC 2 and/or ISO 27001 environment
  • Threat modeling experience
  • Exposure to AI/ML security and governance considerations
  • Relevant certifications: CSSLP, GWAPT, CISSP, or cloud security certifications

We are Software Mind, an awesome team of engineers who are ready to ramp up any top-notch company’s projects! Our aim? To always be one step ahead. Become part of a multicultural company in constant growth with an excellent work environment certified by Great Place To Work!

About the job

  • Job type: Full Time
  • Experience: 5 years minimum
  • Hiring timezones: Costa Rica +/- 0 hours

About Software Mind

What began in 1999 as the vision of two ambitious Polish developers in their final years of college, eager to build interesting business apps for international markets using emerging technologies, has blossomed into Software Mind, a global digital transformation partner. For over two decades, this Krakow-based company has been at the forefront of software development, evolving from a boutique Polish software house into a significant player with a robust presence across Europe, the US, and Latin America. This journey has been marked by organic growth, strategic external investments, and key acquisitions, including companies like ValueLogic, Code Factory, Chmurowisko, Virtualmind, and number8. These moves have not only expanded Software Mind's geographical reach but also deepened its expertise and service offerings.

Software Mind's core mission is to provide organizations worldwide with the critical expertise, resources, and product engineering necessary to drive their business forward. They empower companies with skilled software engineers and autonomous, cross-functional development teams that manage the entire software lifecycle, from the initial spark of an idea to its release and ongoing support. The company prides itself on a culture that prioritizes openness, ownership, and respect, fostering a global team that is encouraged to 'crave more, act as a true partner, and deliver meaningful value'. This people-centric approach, combined with a strong technological foundation in areas like cloud computing, AI, data science, and embedded software, allows Software Mind to accelerate digital transformations and enhance software delivery for a diverse clientele that includes scale-ups, unicorns, and large enterprise-level companies. Their path has mirrored the challenges many of their clients face – navigating new markets, cultivating deep domain knowledge, and integrating cutting-edge technologies – which uniquely positions them to guide digital accelerations and engineer software that not only impacts today but also inspires tomorrow.
