puestos de Information Security Analyst en United States

Checkout.com — you may not know our name, but companies like eBay, ASOS, Klarna, Uber Eats, and Sony rely on us. We enable seamless online checkout, powering billions of transactions every year. With 19 offices across six continents and London as our HQ, we are fast-moving, performance-driven, and dedicated to building the future of fintech.

As a Junior Application Security Analyst in the Information Security team, you will help secure Checkout.com's software applications throughout the Secure Software Development Lifecycle (SSDLC). You will work closely with developers and product teams to integrate security early in the development process, identify and oversee the remediation of vulnerabilities, and ensure adherence to secure coding practices and application security standards. This role focuses on practical, hands-on security support while also growing your expertise in application security.

SSDLC & Secure Coding

• Assist in integrating security controls into the SSDLC.
• Support the creation and maintenance of secure coding guidelines (e.g., OWASP Top 10, CERT Secure Coding Standards).

Application Security Testing

• Run Static Application Security Testing (SAST) and Software Composition Analysis (SCA) scans.
• Conduct API security testing.
• Support CI/CD pipelines to maintain secure and effective integration.

Threat Modelling & Application Security Analysis

• Participate in threat modelling sessions.
• Document identified threats, assess risks and provide mitigation recommendations.
• Assist in code and system reviews to analyze security in the company's products.

Vulnerability Management

• Triage and prioritise vulnerabilities from automated scans.
• Track, verify and ensure remediation of security flaws.
• Assist in automating AppSec pipelines.

Collaboration & Awareness

• Collaborate with engineering teams to integrate security into product design and improve existing systems.
• Help deliver training and awareness on SSDLC best practices and secure coding.
• Contribute to security documentation.

• 1-3 years in application security, secure software development, or related IT/security role.
• Understanding of basic network technologies and protocols (HTTP, TCP/IP, DNS and the OSI model).
• Understanding of common software vulnerabilities and their mitigations.
• Basic programming experience in a popular language (e.g., Python, JavaScript, Golang).
• Understanding of CI/CD pipelines and DevSecOps principles.
• Basic understanding of AWS technologies and GitHub security features.
• Strong attention to detail in documentation and assessments.

• Familiarity with SAST/DAST/SCA tools and API security testing platforms.
• Exposure to cloud-native application security (AWS, Azure, GCP).
• Understanding of container security (Docker, Kubernetes).
• Experience participating in Capture The Flag (CTF) competitions.

• Eager to learn and expand technical skills in application security.
• Effective communicator with both technical and non-technical audiences.
• Collaborative and proactive problem solver.

We create conditions for high performers to thrive—through real ownership, fewer blockers, and work that makes a difference from day one. Here, you’ll move fast, take on meaningful challenges, and be recognized for the impact you deliver. It’s a place where ambition meets opportunity, and your growth is in your hands.

We work as one team and back each other to succeed. Regardless of background or identity, if you’re ready to grow and make a difference, you’ll feel at home here. If you need adjustments to make your application or working environment more comfortable, please let us know in your application or tell your recruiter.

We understand that work is just one part of life. Our hybrid model offers three days per week in the office to support collaboration and connection.

Curious about what it’s like to be part of our team? Visit our Careers Page to learn more about our culture, open roles, and what drives us. For a closer look at daily life at Checkout.com, follow us on LinkedIn and Instagram.