Application Security Analyst

CGI · Reston, VA
1d · Hybrid

About The Position

CGI has an immediate need for an Application Security Analyst to join our team. This is an exciting opportunity to work in a fast-paced team environment supporting one of the largest customers. We take an innovative approach to supporting our client, working side-by-side in an agile environment using emerging technologies. We partner with 15 of the top 20 banks globally, and our top 10 banking clients have worked with us for an average of 26 years! This role is located at a client site in Reston, VA. A hybrid working model is acceptable.

The Application Security Analyst is responsible for identifying, assessing, and helping remediate security risks across modern applications, including web, API, and backend services. This role focuses on hands-on security testing, manual code reviews, and clear communication of risk to both technical and non-technical stakeholders. The analyst works closely with engineering and product teams to improve application security posture while ensuring findings are practical, prioritized, and aligned with business objectives.

Requirements

  • 6+ years of professional experience in application security, penetration testing, or a closely related security role
  • Strong hands-on experience conducting manual application security assessments, including secure code reviews and penetration testing
  • Solid understanding of common application security vulnerabilities, exploitation methods, and mitigation techniques (e.g., OWASP Top 10)
  • Proficiency with web security testing tools such as Burp Suite, OWASP ZAP, and other proxy, scanning, and fuzzing tools
  • Experience performing manual source code reviews and identifying insecure coding practices across one or more programming languages
  • Ability to assess vulnerability risk by considering exploitability, technical impact, and business context
  • Skilled at documenting findings clearly, including evidence, root cause analysis, and actionable remediation guidance
  • Comfortable explaining security risks and recommendations to both technical teams and business stakeholders
  • Strong collaboration skills and the ability to work effectively with developers, architects, and product teams

Nice To Haves

  • Background in software development or familiarity with modern application architectures is a strong plus
  • Relevant security certifications (such as GWAPT, OSCP, CEH, or similar) are preferred but not required

Responsibilities

  • Identifying, assessing, and helping remediate security risks across modern applications, including web, API, and backend services
  • Hands-on security testing
  • Manual code reviews
  • Clear communication of risk to both technical and non-technical stakeholders
  • Working closely with engineering and product teams to improve application security posture while ensuring findings are practical, prioritized, and aligned with business objectives

Benefits

  • Competitive compensation
  • Comprehensive insurance options
  • Matching contributions through the 401(k) plan and the share purchase plan
  • Paid time off for vacation, holidays, and sick time
  • Paid parental leave
  • Learning opportunities and tuition assistance
  • Wellness and Well-being programs