When you join Accurate Background, you're an integral part of making every hire the start of a success story. Your contributions will help us fulfill our mission of advancing the background screening experience through visibility and insights, empowering our clients to make smarter, unbiased decisions.
Job Description
We are looking for a mid-level Application Security Analyst to support and scale our application vulnerability management program. This role is focused on triaging, prioritizing, and operationalizing findings from modern AppSec tooling, with a strong emphasis on developer enablement and signal quality. The ideal candidate has hands-on experience working with SAST, DAST, SCA, Microsoft Defender, and AWS, and understands how to turn raw tool output into clear, actionable remediation guidance for engineering teams. This is a highly collaborative role that requires strong organization, confident communication, and the ability to work effectively with engineers and leaders who have strong opinions and competing priorities.
Responsibilities
- Own the day-to-day triage and lifecycle management of application security findings across multiple tools
- Analyze and triage findings from: SAST; SCA (to identify dependency risk, exploitability, and upgrade paths); secrets scanning; and Microsoft Defender (application, container, and cloud workload findings)
- Validate findings for false positives, duplicates, environmental relevance, actual exploitability and impact
- Prioritize vulnerabilities based on risk, asset criticality, and business context
- Track remediation progress and enforce agreed-upon SLAs
- Leverage an Application Security Posture Management (ASPM) platform to:
  - Correlate findings across the application security tool set (SAST, DAST, SCA, etc.)
  - Reduce noise and improve prioritization accuracy
- Help maintain and improve risk scoring logic, findings normalization, exception and suppression workflows
- Identify gaps in coverage, data quality, or process and propose improvements
- Create and maintain reports and dashboards for different personas: developers (actionable, repo-level views), security leadership (risk posture, trends, SLA compliance), and engineering leadership (program health, recurring issues)
- Track and communicate metrics such as open vs. closed vulnerabilities, mean time to remediate (MTTR), recurring vulnerability patterns, and tool signal-to-noise ratio
- Provide clear, practical remediation guidance for developers, including:
  - What the issue is and why it matters
  - How to fix it (secure coding patterns, dependency upgrades, config changes)
  - When compensating controls or risk acceptance may be appropriate
- Partner directly with development teams to:
  - Answer follow-up questions
  - Validate fixes
  - Reduce repeat findings through education and pattern identification
- Serve as a security point of contact who is helpful, pragmatic, and technically credible
- Communication & Influence
  - Communicate risk clearly and professionally to both technical and non-technical stakeholders
  - Confidently defend triage decisions and prioritization logic
  - Maintain composure and effectiveness when working with strong personalities
  - Push back respectfully when security risk is being underestimated or deprioritized
Qualifications
- Hands-on experience with the AppSec tool chain: SAST, SCA, DAST (Appcheck, Mend.io, SonarQube, Veracode, Snyk, etc.)
- Working knowledge of application security fundamentals:
  - OWASP Top 10
  - Common CWEs and CVEs
- Strong organizational skills with the ability to manage and prioritize large vulnerability backlogs
- Ability to translate technical findings into clear remediation guidance
- Experience using or operating within an ASPM platform
- Familiarity with CI/CD pipelines and GitHub-based workflows
- Experience reducing false positives and tuning AppSec tools
- Exposure to containerized or microservices-based architectures
- Comfort working in fast-paced engineering environments
- Experience operating in AWS-based environments
- Strong written and verbal communication skills
Working Conditions
- This position is hybrid, based in Hyderabad, India, requiring 2 days a week in the office.
- The Information Security Engineer may be required to work flexible hours to accommodate different time zones or urgent situations.
Please note that the above job description represents a general overview of the responsibilities and requirements for this position at Accurate Background. Duties and qualifications may vary based on specific business needs and organizational changes.
The Accurate Way
We offer a fun, fast-paced environment, with lots of room for growth. We have an unwavering commitment to diversity, ensuring everyone has a complete sense of belonging here. To do this, we follow four guiding principles – Take Ownership, Be Open, Stay Curious, Work as One – core values that dictate what we stand for, and how we behave.
Take ownership.
Be accountable for your actions, your team, and the company. Accept responsibility willingly, especially when it's what's best for our customers. Give others every reason to trust you, believe in you, and count on you. Rise to every occasion with your personal best.
Be open.
Be open to new ideas. Be inclusive of people and ways of doing things. Make yourself accessible and approachable, and communicate with genuineness, transparency, honesty, and respect. Embrace differences.
Stay curious.
Stay curious even as you move forward. Tirelessly ask questions and challenge the status quo in your pursuit of new ideas, ways to solve problems, and to continually grow and improve.
Work as one.
Work together to create the best customer and workplace experience. Put our customers and employees first—before individual or departmental agendas. Make sure they get the help they need to succeed.
Equal opportunities
Accurate is an equal-opportunity employer and is committed to hiring talented and qualified individuals with diverse backgrounds. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Accurate will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws.
You must have a right to work in Australia indefinitely that does not involve sponsorship by the Company.
Special Notice
Accurate is aware of schemes involving fraudulent job postings/offers and/or individuals or entities claiming to be employees of Accurate. Those involved are offering fabricated employment opportunities to applicants, often asking for sensitive personal and financial information. If you believe you have been contacted by anyone misrepresenting themselves as an employee of Accurate, please contact [Confidential Information].
- Please be advised that all legitimate correspondence from an Accurate employee will come from @accurate.com email accounts.
- Accurate will not interview candidates via text or email. Our interviews are conducted by recruiters and leaders via the phone, Zoom/Teams or in an in-person format.
- Accurate will never ask candidates to make any type of personal financial investment related to gaining employment with the Company.