Application Security Analyst

Accurate Background is seeking a motivated Application Security Analyst to join our team in Hyderabad, India. This mid-level role is crucial for scaling our application vulnerability management program. You will focus on triaging, prioritizing, and operationalizing findings from modern AppSec tooling, emphasizing developer enablement and signal quality. The ideal candidate will have hands-on experience with SAST, DAST, SCA, Microsoft Defender, and AWS, and possess the ability to translate raw tool output into clear, actionable remediation guidance for engineering teams.

This collaborative position requires strong organizational skills, confident communication, and the ability to effectively engage with engineers and leaders who may have competing priorities. Your responsibilities will include owning the day-to-day lifecycle management of application security findings across multiple tools, analyzing and triaging vulnerabilities from SAST, SCA, and Microsoft Defender, and validating findings for accuracy and impact. You will leverage an Application Security Posture Management (ASPM) platform to correlate findings, reduce noise, and improve prioritization.

Key tasks involve maintaining risk scoring logic, identifying process gaps, and creating reports and dashboards for various stakeholders, including developers, security leadership, and engineering leadership. You will track metrics such as Mean Time to Remediate (MTTR) and tool signal-to-noise ratio, and provide practical remediation guidance to developers, including secure coding patterns and dependency upgrades. Direct collaboration with development teams to answer questions, validate fixes, and reduce repeat findings through education is essential.

Responsibilities:

• Own the day-to-day triage and lifecycle management of application security findings.
• Analyze and triage findings from SAST, SCA, and Microsoft Defender.
• Validate findings for false positives, duplicates, and exploitability.
• Prioritize vulnerabilities based on risk, asset criticality, and business context.
• Track remediation progress and enforce SLAs.
• Leverage an ASPM platform for correlation, noise reduction, and improved prioritization.
• Maintain risk scoring logic, findings normalization, and exception workflows.
• Identify and propose improvements for coverage, data quality, or process gaps.
• Create and maintain reports and dashboards for different personas.
• Track and communicate key metrics related to vulnerability management.
• Provide clear, practical remediation guidance for developers.
• Partner directly with development teams to answer questions, validate fixes, and reduce repeat findings.

Qualifications:

• 3+ years of experience in Application Security and Vulnerability Management.
• Hands-on experience with appsec toolchain (SAST, SCA, DAST) such as Appcheck, Mend.IO, SonarQube, Veracode, Snyk.
• Working knowledge of application security fundamentals (OWASP Top 10, Common CWEs, CVEs).
• Strong organizational skills for managing large vulnerability backlogs.
• Ability to translate technical findings into clear remediation guidance.
• Experience using or operating within an ASPM platform.
• Familiarity with CI/CD pipelines and GitHub-based workflows.
• Experience reducing false positives and tuning AppSec tools.
• Exposure to containerized or microservices-based architectures.
• Comfort working in fast-paced engineering environments.
• Experience operating in AWS-based environments.
• Strong written and verbal communication skills.

This is a hybrid position based in Hyderabad, India, requiring two days a week in the office. Flexible hours may be required.