Application Security Analyst
; Remote
Insight. Partnership. Purpose.
At Sound Physicians, our shared services and business teams play a vital role in advancing our mission to improve healthcare outcomes. Whether you're in finance, human resources, marketing, IT, operations, or talent acquisition, your work supports the clinicians who care for patients in communities across the country. You bring strategic thinking, operational excellence, and a deep commitment to service—ensuring our organization runs smoothly, grows responsibly, and innovates with purpose.
We are a remote-first national team, united by technology, collaboration, and a shared sense of purpose. While our clinicians deliver care locally, we stay connected and aligned—so they can focus on what matters most: improving lives at the bedside.
- Schedule: Full Time
- Work Arrangement: Remote
- Salary: $75000 - $110000
Success Profile
What makes a successful Application Security Analyst? Check out the traits we’re looking for and see if you have the right mix.
- Customer-Focused
- Collaborative
- Resourceful
- Self-Starter
- Compassionate
- Curious
Application Security Analyst
United States
Category:
Information Technology
About Sound
Founded in 2001 and headquartered in Nashville, TN, Sound Physicians is a nationally respected, physician-led medical group practicing in 400+ hospitals across 45 states. Our team of 4,000+ clinicians and 1,000+ business professionals across the country is united by one mission: to build exceptional clinical partnerships that unlock quality, affordable, dignified care for everyone – no matter who they are or where they live. With physician-led clinical teams and more than two decades of operational expertise, we’ve refined what it takes to consistently deliver exceptional care in hospital medicine, emergency medicine, critical care, anesthesia, and telemedicine.
Why join us?
- A remote-first culture that values flexibility and collaboration
- Opportunities to grow your career while making a real impact
- A team that champions inclusivity, innovation, and excellence
Whether working virtually or onsite at one of our practices, you’ll be part of a purpose-driven organization shaping the future of healthcare.
Sound Physicians offers a competitive benefits package inclusive of the items below, and more:
- Medical insurance, Dental insurance, and Vision insurance
- Health care and dependent care flexible spending account
- 401(k) retirement savings plan with a company match
- Paid time off (PTO) begins accruing immediately upon start date at a rate of 15 days per year, in accordance with Sound's PTO policy
- Ten company-paid holidays per year
About the Role
The Application Security Analyst helps embed security into the software delivery lifecycle by partnering with development, platform, cloud, and security teams to build secure-by-default processes. This role focuses on reducing risk through automation, continuous testing, secure configuration, and practical guidance that enables teams to ship software quickly and safely. The ideal candidate possesses a strong understanding of application security principles, secure coding practices, cloud security controls, vulnerability management, and modern DevSecOps methodologies.
The Details:
- Participation in the after-hours security incident response and on-call rotation is part of the role.
Essential Duties and Responsibilities
- Integrate security controls and automated checks into CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), secret scanning, container security scanning, and Infrastructure-as-Code (IaC) validation.
- Partner with developers and platform engineers to identify, prioritize, and remediate application, API, container, and cloud security risks early in the development lifecycle.
- Perform application security assessments, architecture reviews, and threat modeling exercises for new and existing applications.
- Support vulnerability management by validating findings, reducing false positives, tracking remediation, and helping define risk-based service-level expectations.
- Conduct secure code reviews and provide guidance on secure coding practices aligned with OWASP Top 10, CWE, and industry standards.
- Perform security reviews for application architecture, deployment patterns, third-party components, and cloud configurations.
- Develop and maintain secure pipeline standards, reusable guardrails, and policy-as-code checks that improve consistency without creating unnecessary delivery friction.
- Collaborate with engineering, infrastructure, and security operations teams on incident response, root cause analysis, and hardening activities related to software delivery platforms.
- Create and maintain documentation, standards, playbooks, and training materials related to application security, secure development, and DevSecOps practices.
- Track vulnerability trends, security metrics, and recurring issues to improve security maturity across build, release, and runtime workflows.
- Stay current on emerging threats, attack techniques, vulnerabilities, and security technologies relevant to application and cloud security.
Values
- Collaborative: Demonstrates the ability to work well with others to accomplish a goal and get the work done; takes opinions of others into consideration; includes others in the decision-making process.
- Eager to Learn: Proactively seeks out information, embraces learning new things and enjoys the learning process.
- Intellectually curious: Demonstrates a genuine interest in learning new things and wants to know the reason “why” behind the way things are done.
- Committed: Demonstrates dedication to the job, project, organization, customer/clients and co-workers.
- Resourceful: Proactive willingness to utilize available information and tools to figure things out.
Knowledge, Skills, and Abilities
- Strong understanding of application security concepts, secure coding practices, and common attack vectors.
- Strong understanding of application security concepts, secure coding practices, and common attack vectors.
- Knowledge of security testing methodologies including SAST, DAST, SCA, penetration testing, secret scanning, and IaC security assessments.
- Familiarity with cloud platforms such as Azure and AWS.
- Familiarity with CI/CD platforms such as Azure DevOps, GitHub Actions, GitLab CI, or Jenkins.
- Knowledge of OWASP Top 10, OWASP API Security Top 10, MITRE ATT&CK, and NIST Cybersecurity Framework.
- Experience with application security platforms such as Veracode, Checkmarx, Fortify, SonarQube, Snyk, Mend, Burp Suite, Rapid7 InsightAppSec, or similar tools.
- Familiarity with scripting and automation using Python, Powershell, Bash, or similar languages.
- Experience securing containerized applications and platforms (Docker, Kubernetes, OpenShift, AKS, EKS, or GKE), including container image scanning, runtime security monitoring, admission controls, and Kubernetes security best practices.
- Knowledge of container technologies, source control workflows, and modern software delivery practices.
- Familiarity with common static and dynamic application security tools.
- Ability to analyze security findings, assess risk, and communicate remediation recommendations effectively to technical and non-technical stakeholders.
- Familiarity with AI-assisted development processes and appropriate security controls.
- Strong written and verbal communication skills.
- Ability to translate technical issues into clear guidance and action plans
- Knowledge of cloud-native security controls.
- Familiarity with Kubernetes, Terraform, and similar Infrastructure-as-Code tools.
- Familiarity with secrets management, PKI, certificate management, and cryptographic controls.
- Knowledge of compliance frameworks such as NIST CSF, NIST 800-53, HIPAA, PCI DSS, SOC 2, ISO 27001, and HITRUST.
Education and Experience
- Bachelor’s degree in Computer Science, Information Security, or related field, with industry-recognized certifications such as CSSLP (Certified Secure Software Lifecycle Professional), GWAPT (GIAC Web Application Penetration Tester), OSWE (Offensive Security Web Expert), CEH (Certified Ethical Hacker)
- 4+ years of experience in application security, DevOps, cloud security, security engineering, or a related cybersecurity role.
- Knowledge of scripting and programming languages such as Python, PowerShell, Java, JavaScript, C#, or Go is highly desirable and considered a plus.
- Experience supporting regulated environments such as healthcare, financial services, or other compliance-driven industries.
Salary Range
- This position offers an annual salary range of $75,000 to $110,000. Exact salary will depend on the candidate’s experience, education and geographic location.
Sound Physicians is an Equal Employment Opportunity (EEO) employer and is committed to diversity, equity, and inclusion at the bedside and in our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by federal, state, or local laws.
This job description reflects the present requirements of the position. As duties and responsibilities change and develop, the job description will be reviewed and subject to amendment.
Your role as a Care Catalyst
-
We Lead with Purpose:
You help clinicians focus on care by managing the essential business functions that keep our organization running—whether it's recruiting top talent, ensuring accurate billing, streamlining credentialing, supporting learning and development, or enabling technology. Your work behind the scenes powers our mission and drives operational excellence.
-
We Build Meaningful Connections:
You collaborate across shared services teams and with clinical partners to deliver seamless support. Whether you're designing a campaign, processing claims, onboarding a new clinician, or enhancing internal systems, your work builds trust and enables success.
-
We Support Care, Nationwide and Locally:
As a remote-first national team, you provide centralized support that empowers clinicians to deliver care in their local communities. Through technology, communication, and shared purpose, we stay connected and responsive to the needs of those on the front lines.
-
We Grow Together:
You develop specialized expertise, strengthen cross-functional partnerships, and make a lasting impact. Because investing in our people—whether clinical or corporate—is how we deliver uncompromising care.
Hear from our team
-

“As an employee of Sound Physicians for over 10 years, what I truly enjoy is the people and the culture. There’s a strong sense of trust and collaboration, and I feel genuinely supported as a colleague. Leadership is approachable, ideas are welcomed, and there’s a real focus on growth and development. It’s rewarding to work for an organization that invests in its people and stays true to its mission. I’m proud of the work we do and the team I get to do it with.”
Amber Dean,
Senior Staffing Manager -

“What drew me to Sound is simple: business leaders here actually make an impact. We’re solving real problems, strengthening infrastructure, and shaping how care is delivered. It’s energizing to know the work you do on the business side genuinely helps clinicians and patients every day.”
Courtney Reun,
Vice President, Talent Attraction & Experience
Rewards
-
Remote first environment
-
Work-Life Balance
-
Medical, Dental and Vision Insurance
-
Lifestyle Spending Account
-
401K with company match
-
Paid time off starting with 15 days off + 10 company-paid holidays