Senior Security Analyst - AppSec

The Application Senior Security Analyst leads the implementation and maintenance of network and application security systems to protect Patterson’s information assets. This role drives technical support, incident response, and ensures alignment with security and project goals. The analyst develops and enhances the application security program using industry best practices and frameworks. Expertise in secure coding, static and dynamic code analysis, and vulnerability remediation is essential. The candidate integrates security controls into CI/CD pipelines using SecDevOps methodologies. Responsibilities include tool integration, policy enforcement, and continuous monitoring. Collaboration across DevOps, compliance, risk, and audit teams ensures enterprise-wide security alignment. A methodical approach to assessing and triaging security findings is critical for success.

Essential Functions

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position.

• Perform application security triage, oversee issue resolution, and track remediation metrics

• Oversees the maintenance, support, and delivery of associated security platforms

• Drives continuous improvements in acting on alerts, service requests, and incidents

• Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues

• Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements

• Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects

• Provide support and ongoing input in the evolution of the application security program

• Ensure the application security tool set is optimized, tuned, and maintained

• Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and SecDevOps workflows

• Perform security testing to include SAST, DAST, SCA, Container, APIs, IaC, Secrets

• Interact with Infrastructure, DevOps, and application owners to ensure alignment with Patterson’s  roadmaps

• Prioritize workload depending on business direction, compliance, and / or security requirements

• Embedded in the SDLC process for all major applications, working with DevOps, SecDevOps, Developers, QA, Principal Architects, Security Champions,

• Actively participate and / or lead weekly meetings with application team leads and security champions

• Track and manage identified vulnerabilities through resolution, ensuring timely remediation and documentation.

• Oversee the planning, execution, and follow-up of penetration tests conducted by internal teams and external security partners.

Additional functions

• In addition to the essential functions listed above, the incumbent may perform the following additional functions.

• Experience with .Net, C#, Javascript, Angular and related languages

• Familiarity with AzureDevOPs (ADO), Package Management, SBOM, TFS and / or VSTS

• Familiarity with major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)

• General knowledge of Application Security frameworks such as BSIMM, OWASP SAMM / ASVS, NIST, etc

• Experience with Thick Clients, Web Apps, Cloud Solutions, SPA, Web Services, MVC, APIs, etc

• Familiar with Azure DevOps Pipelines for automated build, test and deployment workflows

• Ability to support and manage Azure services including Azure Container Apps (ACA), Azure Kubernetes Service (AKS), and Azure Artifacts

• Familiarity with software supply chain security processes, including vulnerability scanning, artifact integrity validation, and dependency risk management

• Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment

• Experience communicating security concerns and issues to non-technical audiences

• Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques.

• Familiar with key application security tools such as BurpSuite, HCL AppScan, Veracode, Qualsys WAS, Micro Focus WebInspect, Checkmarx, Mend.io (White Source), DevTools, Fiddler, Owasp Zap, Metasploit, BeeF, SQLMap, Postman, etc

• Experience with Swagger, SOAPUI, Visual Studio

Required Qualifications

• Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience

• At least 4 years work experience in information technology, cyber security, or information security

Preferred Qualifications

• Security industry certification desired

This person must be located within a commutable distance to Mendota Heights, MN or Loveland, CO. This will be 2 days in the office hybrid model.

The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $94,100.00 - $117,700.00