Senior Application Development Security Analyst

About TaskUs: TaskUs is a provider of outsourced digital services and next-generation customer experience to fast-growing technology companies, helping its clients represent, protect and grow their brands. Leveraging a cloud-based infrastructure, TaskUs serves clients in the fastest-growing sectors, including social media, e-commerce, gaming, streaming media, food delivery, ride-sharing, HiTech, FinTech, and HealthTech. 

The People First culture at TaskUs has enabled the company to expand its workforce to approximately 45,000 employees globally. Presently, we have a presence in twenty-three locations across twelve countries, which include the Philippines, India, and the United States.

It started with one ridiculously good idea to create a different breed of Business Processing Outsourcing (BPO)! We at TaskUs understand that achieving growth for our partners requires a culture of constant motion, exploring new technologies, being ready to handle any challenge at a moment’s notice, and mastering consistency in an ever-changing world.

What We Offer: At TaskUs, we prioritize our employees' well-being by offering competitive industry salaries and comprehensive benefits packages. Our commitment to a People First culture is reflected in the various departments we have established, including Total Rewards, Wellness, HR, and Diversity. We take pride in our inclusive environment and positive impact on the community. Moreover, we actively encourage internal mobility and professional growth at all stages of an employee's career within TaskUs. Join our team today and experience firsthand our dedication to supporting People First.

We are looking for a highly experienced and technically strong Senior Analyst - Application Development Security with 5+ years of hands-on experience in secure software development, application security testing, DevSecOps automation, and handling cloud-native security issues in application environments. This role is both strategic and hands-on, involving direct collaboration with engineering, security, cloud infrastructure, and product teams to improve the overall security posture of our applications and platforms.

You will lead secure SDLC initiatives, define secure coding standards, drive security tool integration, and oversee triaging and remediation of vulnerabilities — especially those stemming from cloud misconfigurations or infrastructure-related flaws.

Imagine yourself going to work with one thing on your mind: you will work in support of the Information Security, Applications Development team and business units.

• Define and lead the implementation of security best practices across the full SDLC — from design to deployment.

• Own and improve secure coding standards, architecture review processes, and security sign-off criteria for releases.

• Conduct in-depth threat modeling, attack surface analysis, and secure design reviews for new and existing systems.

• Champion a culture of “security as code” across the engineering organization.

• Oversee and optimize usage of SAST, DAST, IAST, SCA, and container scanning tools in CI/CD pipelines.

• Lead root cause analysis of vulnerabilities, including prioritization and coordination of remediation efforts with development  teams.

• Define vulnerability management workflows, metrics, and dashboards to track risk and remediation progress.

• Drive manual security testing for high-risk applications and work with red/purple teams when applicable.

• Knowledge of SAAS security Posture management Threats and help in remediation of issues.

• Analyze and help resolve cloud-related security findings (e.g., IAM misconfigurations, secret leakage, over-privileged resources) that impact applications.

• Lead collaboration between AppSec and cloud platform teams to harden cloud-native environments (AWS, Azure).

• Implement automated detection and remediation of misconfigurations using CSPM, CNAPP, and IaC security tools.

• Provide architectural guidance for secure deployment of microservices, serverless apps, APIs, and containers in cloud environments.

• Architect and maintain end-to-end security automation in CI/CD pipelines using GitHub Actions, GitLab CI, Jenkins, etc.

• Lead integration and tuning of policy-as-code, security-as-code, and infrastructure-as-code security checks.

• Build scalable, repeatable frameworks for automated testing, code review, and compliance enforcement.

• Serve as a security SME for DevOps and engineering teams to reduce friction and increase developer adoption.

• Mentor and guide junior security engineers and developers on secure development principles.

• Drive cross-functional security initiatives and working groups to promote secure engineering across teams.

• Contribute to executive reporting and security KPIs related to application and cloud security maturity.

• Participate in security incident response and post-mortem analysis for application-related issues.

• Bachelor's or Master’s degree in Computer Science, Cybersecurity, Engineering, or a related field.

• 5+ years of experience in secure software development, DevSecOps, or application/cloud security.

• Proven experience working in secure SDLC environments and integrating security controls in development workflows.

• Proficient in secure development with modern programming languages (e.g., Python, Node.js, .NET).

• Deep understanding of web application security standards (OWASP Top 10, ASVS), API security, and modern software architectures (microservices, containers, serverless).

• Deep experience with security tools across SAST, DAST, SCA, and container scanning tools such as:

  • SAST: Checkmarx, Snyk

  • DAST: Burp Suite, Netsparker

  • SCA: Snyk, WhiteSource, Black Duck

  • Cloud Security: Wiz

• Hands-on experience with cloud platforms (AWS, Azure) and familiarity with cloud-native security tools

• Strong knowledge of CI/CD tools and pipeline security integration.

• Experience with IaC tools (Terraform, CloudFormation, Pulumi) and associated security checks.

• Experience in performing detailed assessment, implementation and administration of the following application security testing activities

  • Threat Modeling

  • Static Application Security Testing 

  • Dynamic Application Security Testing

  • Application Architecture Review

  • Network Penetration Testing

  • Open Web Application Security Project (OWASP)

  • Secure Software Development Life Cycle (SDLC)

  • Vulnerability management
     

• Industry certifications such as:

  • Application Security: CSSLP, OSWE, CEH

  • Cloud Security: AWS Security Specialty, Azure Security Engineer, GCP Security Engineer

  • DevSecOps: DevSecOps Practitioner, Certified Kubernetes Security Specialist (CKS)

• Familiarity with GRC frameworks like NIST, ISO 27001, or SOC 2 in relation to secure software development.
   

Soft Skills:

• Strong leadership, influence, and cross-functional communication skills.

• Comfortable driving security change in fast-paced agile environments.

• Proactive, results-driven mindset with attention to detail and analytical problem-solving skills.

• Ability to translate security risk into business context for both technical and non-technical stakeholders.
   

How We Partner To Protect You: TaskUs will neither solicit money from you during your application process nor require any form of payment in order to proceed with your application. Kindly ensure that you are always in communication with only authorized recruiters of TaskUs.

DEI: In TaskUs we believe that innovation and higher performance are brought by people from all walks of life. We welcome applicants of different backgrounds, demographics, and circumstances. Inclusive and equitable practices are our responsibility as a business. TaskUs is committed to providing equal access to opportunities. If you need reasonable accommodations in any part of the hiring process, please let us know.

We invite you to explore all TaskUs career opportunities and apply through the provided URL https://www.taskus.com/careers/.