Senior Application Security Analyst
Listed on 2026-07-03
-
IT/Tech
Cybersecurity
Mission
The mission of Washington Health Benefit Exchange (Exchange) is to radically improve how Washington residents secure health insurance through innovative and practical solutions, an easy-to-use customer experience, our values of integrity, respect, equity and transparency, and by providing undeniable value to the health care community.
Equity StatementEquity is fundamental to the mission of the Washington Health Benefit Exchange. The process of advancing toward equity and becoming anti‑racist is disruptive and demands vigilance to dismantle deeply entrenched systems of privilege and oppression. While systemic racism is a root cause of many societal inequities, we must also use an intersectional approach to address all forms of bias and oppression, which interact with and often exacerbate racial inequities.
To be successful, we must recognize the socioeconomic drivers of health and focus on people and places where needs are greatest. As we listen to community, we must hold ourselves accountable to responding to recommendations to remedy inequitable policies, systems, or practices within the Exchange’s area of influence. Our goal is that all Washingtonians have full and equal access to opportunities, power and resources to achieve their full potential.
The Senior Application Security Analyst plays a key role in protecting WAHBE’s data and applications by ensuring security controls are effectively integrated throughout the Software Development Lifecycle (SDLC) across both cloud and on‑premises environments. Operating under the guidance of the Application Security Lead, this role serves as a senior technical contributor and collaborates closely with delivery teams, Dev Ops, architects, IT, and external partners to implement and sustain secure software development practices.
This position is responsible for executing application security assessments, threat modeling, and vulnerability management, while supporting risk assessments and ensuring alignment with WAHBE’s security policies and regulatory requirements. The Senior Application Security Analyst helps drive the adoption and continuous improvement of the Secure Software Development Lifecycle (SSDLC) by integrating automated security controls, conducting code reviews, and promoting secure coding standards.
Key Responsibilities- Identify and mitigate application security risks, support incident response activities, and provide actionable guidance to delivery teams for remediation.
- Contribute to strengthening overall application security posture by addressing emerging threats, supporting compliance efforts, and ensuring security best practices are consistently applied across the organization.
- Serve as a senior subject matter expert for application security across Microsoft Azure and cloud‑native architectures including hybrid and multi‑cloud environments.
- Perform and coordinate application security assessments, code reviews to align with WAHBE security policies, industry standards (NIST, OWASP), and regulatory compliance (e.g., CMS, IRS), including API and microservices security assessments.
- Support the implementation and continuous improvement of the Secure Software Development Lifecycle by integrating security controls and best practices into development and deployment processes.
- Collaborate with delivery teams, architects, Dev Ops engineers to embed security into all phases of the SDLC, including participation in threat modeling, security requirement reviews, and architecture discussions.
- Review application and solution architectures to identify security weaknesses, attack surfaces, and insecure design patterns, and provide remediation recommendations.
- Perform security design reviews for web applications, APIs, microservices, containers, and serverless technologies to ensure secure implementation practices are followed.
- Develop, document, and enforce secure coding standards, secure design guidelines, and application security procedures to ensure consistent and secure development practices.
- Enhance and lead the Application Security and Penetration Testing program, including performing security and penetration testing and integrating…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).