Senior Security Analyst - AppSec

About the position Patterson isn't just a place to work, it's a partner that cares about your success. One of the distinguishing marks of our company is the talented people who embrace the people-first, always advancing, and results-driven culture. Professional growth abounds in this motivating environment. We value the diverse talents and experiences our employees bring to Patterson and believe that they build a stronger and successful organization. Job Description: The Application Senior Security Analyst leads the implementation and maintenance of network and application security systems to protect Patterson’s information assets. This role drives technical support, incident response, and ensures alignment with security and project goals. The analyst develops and enhances the application security program using industry best practices and frameworks. Expertise in secure coding, static and dynamic code analysis, and vulnerability remediation is essential. The candidate integrates security controls into CI/CD pipelines using SecDevOps methodologies. Responsibilities include tool integration, policy enforcement, and continuous monitoring. Collaboration across DevOps, compliance, risk, and audit teams ensures enterprise-wide security alignment. A methodical approach to assessing and triaging security findings is critical for success. Responsibilities • Perform application security triage, oversee issue resolution, and track remediation metrics • Oversees the maintenance, support, and delivery of associated security platforms • Drives continuous improvements in acting on alerts, service requests, and incidents • Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues • Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements • Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects • Provide support and ongoing input in the evolution of the application security program • Ensure the application security tool set is optimized, tuned, and maintained • Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and SecDevOps workflows • Perform security testing to include SAST, DAST, SCA, Container, APIs, IaC, Secrets • Interact with Infrastructure, DevOps, and application owners to ensure alignment with Patterson’s roadmaps • Prioritize workload depending on business direction, compliance, and / or security requirements • Embedded in the SDLC process for all major applications, working with DevOps, SecDevOps, Developers, QA, Principal Architects, Security Champions, • Actively participate and / or lead weekly meetings with application team leads and security champions • Track and manage identified vulnerabilities through resolution, ensuring timely remediation and documentation. • Oversee the planning, execution, and follow-up of penetration tests conducted by internal teams and external security partners. Requirements • Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience • At least 4 years work experience in information technology, cyber security, or information security Nice-to-haves • Experience with .Net, C#, Javascript, Angular and related languages • Familiarity with AzureDevOPs (ADO), Package Management, SBOM, TFS and / or VSTS • Familiarity with major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) • General knowledge of Application Security frameworks such as BSIMM, OWASP SAMM / ASVS, NIST, etc • Experience with Thick Clients, Web Apps, Cloud Solutions, SPA, Web Services, MVC, APIs, etc • Familiar with Azure DevOps Pipelines for automated build, test and deployment workflows • Ability to support and manage Azure services including Azure Container Apps (ACA), Azure Kubernetes Service (AKS), and Azure Artifacts • Familiarity with software supply chain security processes, including vulnerability scanning, artifact integrity validation, and dependency risk management • Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment • Experience communicating security concerns and issues to non-technical audiences • Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques. • Familiar with key application security tools such as BurpSuite, HCL AppScan, Veracode, Qualsys WAS, Micro Focus WebInspect, Checkmarx, Mend.io (White Source), DevTools, Fiddler, Owasp Zap, Metasploit, BeeF, SQLMap, Postman, etc • Experience with Swagger, SOAPUI, Visual Studio • Security industry certification desired • This person must be located within a commutable distance to Mendota Heights, MN or Loveland, CO. Benefits • Full Medical, Dental, and Vision benefits and an integrated Wellness Program. • 401(k) Match Retirement Savings Plan. • Paid Time Off (PTO). • Holiday Pay & Floating Holidays. • Volunteer Time Off (VTO). • Educational Assistance Program. • Full Paid Parental and Adoption Leave. • LifeWorks (Employee Assistance Program). • Patterson Perks Program. Apply tot his job