Application Security Analyst II Full-time Job
Financial Services | George Town | Reference: lNbWnWyoayg
Job Details
The Application Security Analyst II role will support our organization’s security posture by protecting applications, APIs, databases, and third-party SaaS platforms. Working closely with the AppSec lead, the engineer will take on operational responsibilities to enable strategic growth of the program while supporting hands-on security testing and analysis.
The ideal candidate is at an entry to medium seniority level, with experience in application development and security, enabling effective code testing and API security assessments.
Experience Requirements
Experience across cybersecurity domains: 2–5 years
Application security: 2–5 years
Application development: 2–5 years
Responsibilities
Onboard development teams into security tools (e.g., Snyk) and integrate them into CI/CD pipelines.
Perform vulnerability triage and respond to alerts in a timely manner.
Conduct security testing of code and APIs, including analyzing results from static and dynamic analysis tools.
Monitor SaaS and API findings, ensuring risks are logged and communicated appropriately.
Manage user access and maintain the health of security tools.
Review application requests, browser extension exceptions, and other operational items.
Assist in manual assessments of COTS and database security, building inventories, and documenting findings.
Collaborate with the AppSec lead to develop and implement best practices across all security pillars.
Support the creation of risk profiles and contribute to long-term risk reduction strategies.
Help prepare reports and communicate program metrics and risk posture to stakeholders.
Advanced English
Must-Have Skills
Solid expertise in at least 1–2 of the following pillars: Code and Portal Security, SaaS Security, API Security, COTS Security, or Database Security.
Proficiency in one or more programming languages (e.g., Python, Java, JavaScript) and understanding of software design patterns.
Hands-on experience with code testing frameworks, static analysis (SAST), and dynamic analysis (DAST) tools.
Understanding of API security fundamentals (authentication, authorization, protocols) and web services.
Familiarity with CI/CD pipelines and integrating security scanning.
Solid grasp of web application security concepts and common vulnerabilities (e.g., OWASP Top Ten).
Strong interpersonal and communication skills; able to collaborate across teams and convey security concepts to diverse audiences.
Analytical thinking and problem solving; able to triage and prioritize vulnerabilities and tasks.
Nice-to-Have Skills
Experience or interest in SaaS security, including monitoring and performing manual assessments.
Basic knowledge of COTS and database security with a willingness to learn more.
Prior experience as a software developer or in a development team.
Understanding of DevSecOps principles and practices.
Knowledge of manual SaaS assessment processes and best practices.
Experience performing database security reviews or working with database technologies.
Relevant certifications (e.g., CSSLP, OSCP, CISSP).
Experience or interest in forming programmatic risk profiling methodologies.
Security Tools Experience
Candidates should have experience with security tools in at least one of the following categories:
SSPM (SaaS Security Posture Management) Tools: Obsidian Security, Falcon Shield, Valence, Adaptive Shield, AppOmni, etc.
Code Scanning Tools: Checkmarx, Snyk, Veracode, SonarQube, Fortify, GitHub Advanced Security, etc.
API Security Tools: Cequence, Salt Security, Noname Security, 42Crunch, Traceable, etc.
COTS Security Tools: Nessus, Qualys, Rapid7, or similar vulnerability management tools.
Database Security Tools: Imperva, IBM Guardium, Oracle Audit Vault, or similar.
Company Description
To learn more about Pan-American Life Insurance Group, visit palig.com. To join our team, visit palig.com/en/us/careers.