UST
Application Security Consultant
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About UST
UST is a global provider of digital technology services and solutions, focusing on digital transformation, IT consulting, and technology implementation for large enterprises. Founded in 1998 and headquartered in Aliso Viejo, California, UST has over 26,000 employees across 25 countries. The company partners with Global 1000 enterprises to drive innovation and efficiency through a structured approach that includes strategy, planning, building, verifying, and running operations. UST offers a wide range of services, including strategy implementation, experience design, and digital transformation. Its expertise spans various industries such as healthcare, manufacturing, retail, financial services, and telecommunications. The company also provides proprietary products and platforms like UST HealthProof and UST SmartOps to enhance its service delivery. UST leverages advanced technologies, including machine learning and AI, to optimize operations and deliver measurable outcomes for its clients.
Security at UST
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- UST public guidance calls for centralized programs and practices: "Implement a comprehensive application security program".
- They aim to "Train developers on secure coding practices"and emphasize "shifting security left means no surprises on the right".
- Their CTEM offering "provides a real-time view of your organization's threat exposure"for prioritizing threats.
- Stated pain points/goals include "Automated scan failure remediations"and "SAST tool optimizations — drastically decreased the rate of false positive security issues".
- No public, verbatim statement was found that explicitly defines UST AppSec's formal mission statement as a short single-sentence charter, nor a published AppSec manifesto on ust.com.
Security Team
No explicit public evidence found describing the internal AppSec reporting line or whether AppSec is centralized vs. embedded. Tony Velleca is the "Chief Executive Officer of CyberProof". Team size estimate is not publicly available. There are 2 active AppSec job postings as of, including an AI/ML Application Security Analyst and a Product Security Engineer. Common skill/tool patterns from job postings include "Proven experience with SSPM, ASPM, CSPM, and Zero Trust Security frameworks", "familiarity with AI/ML security, including MLSecOps, GenAI and LLMs", and "Strong knowledge of web application firewall (WAF), API security... RASP... DLP". No public, verifiable org chart or named AppSec leaders (e.g., "Head of Application Security") was found on ust.com or other UST-owned pages. Team size not published.
Key Initiatives
No public evidence found describing a formal Security Champions program. "shifting security left means no surprises on the right"is a stated practice, with practical measures like "Automated scan failure remediations"and "SAST tool optimizations". The vulnerability management process involves "Automated scan failure remediations", tracking and remediating "security vulnerabilities in applications", and CTEM providing "provides metrics, dashboards, and tracking data". Intake sources include "Use SAST and DAST tools to scan applications for vulnerabilities". No public evidence for SLAs or MTTR. Secure SDLC artifacts involve "Use SAST and DAST tools"and "Threat modeling", with references to "Cloud-native DevSecOps implementation". Recent initiatives include a December 2025 telco case study showing a "reduced daily vulnerabilities by 92%"and CyberProof's August 2025 announcement of "announced major enhancements to its Exposure". No public documentation found describing internal ticket flow, ownership handoffs, developer SLAs, or an explicit published Security Champions charter.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.