Senior Security Analyst - AppSec

The Application Senior Security Analyst leads the implementation and maintenance of network and application security systems to protect Patterson’s information assets. This role drives technical support, incident response, and ensures alignment with security and project goals. The analyst develops and enhances the application security program using industry best practices and frameworks. Expertise in secure coding, static and dynamic code analysis, and vulnerability remediation is essential.

The candidate integrates security controls into CI/CD pipelines using Sec Dev Ops  methodologies. Responsibilities include tool integration, policy enforcement, and continuous monitoring. Collaboration across Dev Ops, compliance, risk, and audit teams ensures enterprise-wide security alignment. A methodical approach to assessing and triaging security findings is critical for success.

• Perform application security triage, oversee issue resolution, and track remediation metrics
• Oversee the maintenance, support, and delivery of associated security platforms
• Drive continuous improvements in acting on alerts, service requests, and incidents
• Integrate best practices to proactively analyze and monitor systems and applications for system and security related issues
• Considered subject matter expert in assigned platforms and keep up‑to‑date knowledge to drive improvements
• Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects
• Provide support and ongoing input in the evolution of the application security program
• Ensure the application security tool set is optimized, tuned, and maintained
• Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and Sec Dev Ops  workflows
• Perform security testing to include SAST, DAST, SCA, Container, APIs, IaC, Secrets
• Interact with Infrastructure, Dev Ops, and application owners to ensure alignment with Patterson’s roadmaps
• Prioritize workload depending on business direction, compliance, and / or security requirements
• Embedded in the SDLC process for all major applications, working with Dev Ops, Sec Dev Ops , Developers, QA, Principal Architects, Security Champions
• Actively participate and / or lead weekly meetings with application team leads and security champions
• Track and manage identified vulnerabilities through resolution, ensuring timely remediation and documentation.
• Oversee the planning, execution, and follow‑up of penetration tests conducted by internal teams and external security partners.

• In addition to the essential functions listed above, the incumbent may perform the following additional functions.
• Experience with .Net, C#, Java script, Angular and related languages
• Familiarity with Azure
  
  DevOPs (ADO), Package Management, SBOM, TFS and / or VSTS
• Familiarity with major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)
• General knowledge of Application Security frameworks such as BSIMM, OWASP SAMM / ASVS, NIST, etc
• Experience with Thick Clients, Web Apps, Cloud Solutions, SPA, Web Services, MVC, APIs, etc
• Familiar with Azure Dev Ops Pipelines for automated build, test and deployment workflows
• Ability to support and manage Azure services including Azure Container Apps (ACA), Azure Kubernetes Service (AKS), and Azure Artifacts
• Familiarity with software supply chain security processes, including vulnerability scanning, artifact integrity validation, and dependency risk management
• Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment
• Experience communicating security concerns and issues to non‑technical audiences
• Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques.
• Familiar with key application security tools such as Burp Suite, HCL App Scan, Veracode, Qualsys WAS, Micro Focus Web Inspect, Checkmarx, Mend.io (White Source), Dev Tools, Fiddler, Owasp Zap, Metasploit, BeeF, SQLMap, Postman, etc
• Experience with Swagger, SOAPUI, Visual Studio

• Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience
• At least 4 years work experience in information technology, cyber security, or information security

• Security industry certification desired

This person must be located within a commutable distance to Mendota Heights, MN or Loveland, CO. This will be 2 days in the office hybrid model.

The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $94,100.00 - $