Back to search
PowerPlan, Inc. Linkedin · Posted 18d ago

Senior Cloud Application Security Engineer

Atlanta, Georgia, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

OVERVIEW

This is a hands-on, high-impact technical security role at the center of PowerPlan’s AppSec program, security operations, and AI governance function. The Senior Security Analyst owns application security testing and pipeline integration, operates CrowdStrike and Rapid7 for detection and threat intelligence, governs AI and SaaS tool security compliance, and drives measurable program maturity across vulnerability management and process improvement. The role requires a practitioner who is embedded in the engineering and DevOps ecosystem — not just a SOC analyst — with demonstrated experience owning AppSec tooling in CI/CD pipelines and building programs, not just responding to alerts.


COMPANY

PowerPlan provides financial, accounting, and compliance software to North American energy and utility companies. We are a B2B enterprise SaaS company mid-migration to a cloud-native platform built on .NET Core and Azure. Our Information Security & Compliance team protects a complex, cloud-hosted SaaS environment supporting mission-critical financial operations for regulated industries. This role operates at the center of that environment — embedded in engineering and DevOps workflows, not siloed from them.


KEY PERFORMANCE OBJECTIVES — FIRST 12 MONTHS


Objective 1: Application Security Program & CI/CD Pipeline Integration (6 Months)

OUTCOME

Within 6 months, establish a fully operational AppSec testing program covering SAST, DAST, and software composition analysis (SCA) across the SDLC — with security gates integrated into CI/CD pipelines and a centralized vulnerability management platform (such as DefectDojo) consolidating findings from all scanning tools, penetration tests, and manual assessments into a single tracked view across PowerPlan’s application portfolio.

IMPACT

Shifts application security left — catching vulnerabilities earlier and cheaper in the development cycle. Gives engineering and security teams a shared, consistent view of application risk and remediation status, reducing gaps between what’s discovered and what’s fixed.

HOW

Lead SAST/DAST/SCA tooling selection and integration into existing CI/CD pipelines; configure automated scanning gates and secrets detection; stand up and own the centralized AppSec vulnerability platform; coordinate and manage third-party penetration tests for web applications, APIs, and cloud infrastructure; track all findings through remediation closure; and conduct security architecture reviews for new features, integrations, and third-party components. Harden pipelines and establish repeatable security review checkpoints in the development lifecycle.

Key deliverable: Operational AppSec pipeline with documented toolchain, scanning coverage report by application, and active DefectDojo (or equivalent) instance with triaged, prioritized finding backlog and SLA-tracked remediation workflow.


Objective 2: Security Operations, Threat Detection & Incident Response (3–6 Months)

OUTCOME

Within 3–6 months, operate and optimize Rapid 7 SIEM and help build requirements and manage transition to CrowdStrikes’ Next-Gen SIEM. Monitor CrowdStrike’s Threat Intelligence, and Data Protection capabilities to deliver reliable threat detection, triage, and incident response — with refined detection rules, correlation logic, and documented response playbooks that reduce noise and improve response quality across PowerPlan’s environment.

IMPACT

Reduces mean time to detect and respond to threats. Enriched, correlated telemetry across CrowdStrike and Rapid7 improves the quality of security decisions and accelerates incident containment. Well-documented playbooks ensure consistent, repeatable response regardless of who is on-call.

HOW

Monitor Rapid7/ CrowdStrike Next-Gen SIEM for alert triage, investigation, and incident response; leverage Threat Intelligence and Data Protection capabilities to identify and contain emerging threats; use Rapid7 for vulnerability risk prioritization and correlation with CrowdStrike telemetry; conduct proactive threat hunting and root cause analysis on security incidents; develop and refine detection rules and response playbooks; and maintain security reports, logs, and audit-ready documentation throughout.

Key deliverable: Library of tested, documented response playbooks; tuned detection ruleset with alert reduction metrics; incident log with root cause analysis documentation for all significant events in the period.


Objective 3: AI Tool Governance & Procured Technology Compliance (6–9 Months)

OUTCOME

Within 6 months, manage and automate a fully operational AI tool governance function — including a maintained AI Tool Inventory, security review process for all newly onboarded AI and SaaS tools, compliance monitoring against SOC 2 Type II controls and ISO/IEC 42001 alignment, and an enforced MCP Server Security Baseline for AI integrations and connector deployments across PowerPlan’s environment.

IMPACT

As AI tool adoption accelerates across the organization, ungoverned AI tools represent a growing and novel attack surface. A structured governance function ensures PowerPlan can move fast on AI adoption without compromising data handling controls, compliance posture, or audit readiness.

HOW

Maintain and enforce PowerPlan’s AI Tool Inventory; partner with Legal and IT on pre-onboarding security reviews using UpGuard; evaluate AI and SaaS tools against data handling, access control, and logging requirements; document findings in the vendor risk register; support classification and security review of internally developed and procured AI agents using PowerPlan’s agent publishing risk framework; apply and maintain the MCP Server Security Baseline for connector deployments; support Netskope DLP policy tuning for AI-destined data flows; and monitor and escalate policy violations tied to the AI Dev Policy Controls initiative.

Key deliverable: Maintain AI Tool Inventory with risk classifications and review status; documented MCP Server Security Baseline with applied compliance evidence; vendor risk register entries for all AI/SaaS tools reviewed in the period.


Objective 4: Security Program Maturity, Metrics & Process Improvement (9–12 Months)

OUTCOME

Within 12 months, deliver measurable improvements in vulnerability management maturity — reduced MTTR, improved SLA adherence, and enhanced risk prioritization — supported by documented security processes, audit-ready runbooks in Confluence, and KPI dashboards that demonstrate program effectiveness to leadership and compliance stakeholders.

IMPACT

Matures the security program from reactive to proactive. Documented, repeatable processes reduce key-person dependency, improve audit performance, and build organizational confidence in the security function. Metric-driven reporting earns credibility with leadership and compliance teams.

HOW

Develop and maintain security KPI dashboards; document processes, runbooks, and procedures in Confluence; support NIST CSF 2.0 alignment and SOC 2 Type II audit lifecycle activities (including security questionnaire standardization); identify and execute opportunities for tooling consolidation, automation, and operational efficiency; and partner with CloudOps, IT, and Dev teams to ensure security measures are implemented, monitored, and operating effectively across the environment.

Key deliverable: MTTR trend report showing improvement from baseline; Confluence runbook library covering all core security processes; SOC 2 audit support documentation; security KPI dashboard shared with leadership on a defined cadence.


WHAT YOU BRING

APPLICATION SECURITY

  • Hands-on SAST, DAST, and SCA tooling experience — owning the program, not just running scans
  • CI/CD pipeline hardening and AppSec gate integration (GitHub Actions, GitLab CI, Jenkins, or equivalent)
  • Centralized AppSec vulnerability platform experience (DefectDojo or equivalent) for consolidated tracking and remediation workflow
  • Penetration test coordination and remediation lifecycle management
  • Security architecture review experience for features, integrations, and third-party components


SECURITY OPERATIONS & TOOLING

  • CrowdStrike proficiency: Next-Gen SIEM, Data Protection, CSPM, AIDR, Falcon Shield, and Threat Intelligence
  • Qualys for vulnerability scanning, asset discovery, and remediation tracking
  • Rapid7 for risk prioritization, vulnerability management, and/or detection
  • Proactive threat hunting and root cause analysis on security incidents
  • Detection rule development, correlation logic tuning, and response playbook authorship


CLOUD & INFRASTRUCTURE SECURITY

  • AWS and/or Azure cloud security: IAM, security group configurations, logging, and CSPM
  • Experience in a SaaS or cloud-native software company environment [PREFERRED]
  • Scripting or automation experience (Python, PowerShell, or Bash) for security tooling integration[PREFERRED]
  • Network security, zero trust architecture, or microsegmentation experience[PREFERRED]


EDUCATION & CERTIFICATIONS

  • 5+ years as a Security Analyst or equivalent, with demonstrated AppSec and/or AI security focus
  • Bachelor’s degree in Computer Science, Information Security, or related field — or equivalent experience
  • CISSP, OSCP, CEH, GCIH, GCFA, CrowdStrike CCFA/CCFH, or AWS Security Specialty[PREFERRED]
  • AI security certification (AAISPM or equivalent AI governance credential) [PREFERRED]


PowerPlan is an EOE

Applicant and Candidate Privacy Notice

Please note that this is a hybrid role that involves a combination of onsite work from our corporate office as well as work from home. While we strive to accommodate flexible working arrangements when sensible, there will be times when onsite work is required. This could include scheduled office days, team meetings, client meetings, or special events.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent