1

Appsec Jobs in Georgia (NOW HIRING)

Senior Security Analyst

Atlanta, GA · On-site

$91K - $119K/yr

We are seeking a Senior Security Analyst / AppSec Specialist to join our Information Security & Compliance team. This is a hands-on, high-impact role responsible for strengthening our application ...

Sr. Software Engineer (Java)

Atlanta, GA · On-site

$122K - $161K/yr

A strong knowledge of cyber security standards, like CSA/OWASP & SSDF, and awareness of tools and ways to mitigate the software vulnerabilities using AppSec tools for SAST, DAST and Penetration ...

DevSecOps Application Security Engineer

Atlanta, GA · On-site

$56.50 - $75.50/hr

Prepare technical and executive reports, communicate findings with stakeholders, and support audits, compliance, and AppSec initiatives. Preferred Skill and Experience • Security Advisory & Review:

AppSec, SecOps / detection engineering, IAM, cloud security, offensive security / penetration testing, GRC, or responsible AI * Minimum 1 year of experience Hands-on proficiency with agentic coding ...

Sr. Software Engineer (Java)

Atlanta, GA · Hybrid

$122K - $161K/yr

A strong knowledge of cyber security standards, like CSA/OWASP & SSDF, and awareness of tools and ways to mitigate the software vulnerabilities using AppSec tools for SAST, DAST and Penetration ...

next page

Showing results 1-20

Appsec information

What is the difference between Appsec vs Security Analyst?

AspectAppsecSecurity Analyst
Required CredentialsCertifications like CISSP, CEH, OSCP; knowledge of secure codingCertifications such as Security+, CISSP; threat analysis skills
Work EnvironmentDevelopment teams, secure coding practices, application testingMonitoring security systems, incident response, risk assessment
Employer & Industry UsageTech companies, software firms, organizations with application security needsAll industries, including finance, healthcare, government, focusing on security monitoring

Appsec professionals focus on securing applications through secure coding, testing, and vulnerability management, while Security Analysts monitor and respond to security threats across systems. Both roles require security certifications and work in overlapping environments, but their core responsibilities differ in scope and focus.

What job categories do people searching Appsec jobs in Georgia look for? The top searched job categories for Appsec jobs in Georgia are:
What cities in Georgia are hiring for Appsec jobs? Cities in Georgia with the most Appsec job openings:
Infographic showing various Appsec job openings in Georgia as of July 2026, with employment types broken down into 100% Full Time. Highlights an 100% Remote job distribution.
Senior Security Analyst

Senior Security Analyst

PowerPlan, Inc

Atlanta, GA • On-site

$91K - $119K/yr

Other

Re-posted 6 days ago


Job description

Overview
PowerPlan is looking for every opportunity to help our customers and prospects gain more value from our suite of software solutions. We are seeking a Senior Security Analyst / AppSec Specialist to join our Information Security & Compliance team. This is a hands-on, high-impact role responsible for strengthening our application security posture, driving vulnerability management maturity, and supporting security operations across our cloud-hosted SaaS environment. The successful candidate will serve as a technical security practitioner embedded within our engineering and operations ecosystem, partnering closely with DevOps, product, and compliance teams.
To be successful in this role, you should have extensive experience with CrowdStrike Falcon, including its Next-Gen SIEM, Data Protection, CSPM, and Threat Intelligence capabilities, as well as experience coordinating penetration tests and running vulnerability assessments with Qualys. You should have hands-on experience with Rapid7, CI/CD pipeline hardening, cloud security in AWS and/or Azure, and security architecture. Experience implementing process improvements and driving program maturity aligned with NIST CSF 2.0 is essential. You should also have excellent communication, problem-solving, and analytical skills, as well as the ability to work independently and as part of a team.
COMPANY
PowerPlan specializes in enterprise software solutions used by organizations with complex financial, regulatory, and operational needs. We deliver secure, cloud-hosted SaaS products that help customers manage critical workflows with accuracy, transparency, and compliance.
The security team plays a central role in protecting customer trust, enabling rapid product innovation, and ensuring alignment with frameworks such as SOC 2, ISO 27001, and NIST CSF 2.0. We operate in a collaborative environment that values technical depth, continuous improvement, and responsible innovation.
Responsibilities
KEY PERFORMANCE OBJECTIVES (First 12 Months)
OBJECTIVE 1: Implement a Centralized Application Vulnerability Management Platform (First 120 Days)
Outcome:
Deploy a consolidated platform (e.g., DefectDojo) that aggregates SAST, DAST, SCA, penetration-testing, and manual-review findings within 120 days. Ensure all engineering teams have visibility into normalized, prioritized findings, with assignment and SLA workflows in place. Produce monthly reports showing coverage, SLA adherence, and remediation progress.
Impact:
Provides a "single pane of glass" that enables consistent prioritization, eliminates fragmented tooling silos, and measurably reduces MTTR for application vulnerabilities. Improves audit readiness and strengthens engineering alignment by creating a unified source of truth for risk decisions.
How:
Evaluate and implement the platform, integrate scanning tools and pen-test reports, configure cross-team workflows, onboard engineering groups, define remediation SLAs, and publish monthly dashboards to engineering and security leadership.
OBJECTIVE 2: Lead the Annual Application + Cloud Penetration Testing Program (Annual Cycle)
Outcome:
Coordinate annual penetration testing for web applications, APIs, and cloud environments; ensure final reports are processed within 30 days. Track remediation and retesting and ensure all critical/high-risk findings are addressed within SLA. Maintain audit-ready documentation for compliance teams.
Impact:
Ensures independent validation of application and cloud security posture, reduces exploitable weaknesses, and directly supports SOC 2 and ISO 27001 evidence requirements. Builds leadership confidence through measurable remediation accountability.
How:
Manage vendor selection and scoping, coordinate technical access and test data, review findings, facilitate engineering remediation, validate fixes, capture evidence, and update Confluence with all required artifacts and timelines.
OBJECTIVE 3: Implement a Standardized Security Architecture Review Process (First 120 Days)
Outcome:
Establish and operationalize a design-review process for all major new product features and third-party integrations within 120 days. Produce documented review artifacts, identified risks, and required remediation actions for development teams. Ensure findings are incorporated before release.
Impact:
Reduces late-cycle rework, prevents design-level security gaps, and embeds security as a natural part of the product development lifecycle. Improves release confidence and accelerates secure deployment across the SaaS platform.
How:
Create templates, facilitate threat-model discussions (e.g., STRIDE), review integration risks, track remediation items, collaborate with engineering leads, and maintain documented review outcomes in shared repositories.
OBJECTIVE 4: Drive Measurable Maturity Improvements Aligned to NIST CSF 2.0 (First 12 Months)
Outcome:
Deliver measurable improvements across NIST CSF functions through documented workflows, baseline control assessments, performance metrics, and quarterly KPI reporting. Create repeatable processes and audit-ready artifacts across Identify, Protect, Detect, Respond, and Recover.
Impact:
Strengthens the formal structure and reliability of the security program, reduces operational and compliance risk, and enhances readiness for SOC 2 and ISO 27001 by demonstrating consistent, evidence-based maturity growth.
How:
Assess current control gaps, standardize repeatable workflows, document runbooks and procedures, collaborate with engineering and compliance, automate where practical, and present quarterly maturity dashboards.
OBJECTIVE 5: Strengthen Cross-Functional Collaboration Across Dev, CloudOps, IT & Compliance (First 6-9 Months)
Outcome:
Implement recurring cross-team security syncs, remediation checkpoints, and shared KPI dashboards. Drive measurable improvements in SLA adherence, cloud misconfiguration reduction, recurring-vulnerability prevention, and overall operational alignment.
Impact:
Builds unified, organization-wide ownership of security responsibilities, accelerates remediation cycles, and reduces risk introduced by siloed decisions or inconsistent practices.
How:
Establish communication cadences, run joint review sessions, align remediation expectations, publish shared dashboards, and deliver clear visibility to leadership on cross-team security performance.
Qualifications
WHAT YOU BRING
  • Hands on experience with application security scanning (SAST/DAST/SCA), pen-testing coordination, and vulnerability management platforms.
  • Strong working knowledge of CrowdStrike, Qualys, and/or Rapid7.
  • Cloud security experience in AWS and/or Azure, including IAM, logging, and posture management.
  • Experience performing or facilitating threat modeling and architecture reviews.
  • Familiarity with SOC 2, ISO 27001, and NIST CSF 2.0.
  • Strong analytical, communication, and documentation skills.
  • Ability to partner effectively across engineering, DevOps, CloudOps, IT, and compliance teams.
  • Demonstrated ability to drive process maturity and measurable improvements.

PowerPlan is an EOE"
Applicant and Candidate Privacy Notice
Please note that this is a hybrid role that involves a combination of onsite work from our corporate office as well as work from home. While we strive to accommodate flexible working arrangements when sensible, there will be times when onsite work is required. This could include scheduled office days, team meetings, client meetings, or special events.