Application Security Specialist

About The Position

Requirements

• Bachelor's degree in Computer Science, Software Engineering, Information Security, or a related discipline, or an equivalent combination of education and experience.
• Minimum of 5 years of experience in Application Security, Security Engineering, Cloud Security, or a related cybersecurity function.
• Strong knowledge of application security, secure software development, security testing methodologies, secure coding practices, and secure product design.
• Strong understanding of cloud security principles, cloud-native architectures, secure configuration, automation, and cloud security services.
• Experience securing APIs, web services, microservices, and modern software architectures.
• Experience with scripting languages such as Python and Bash.
• Experience with one or more development languages including Java, Node.js, C#, or .NET.
• Strong understanding of threat modeling methodologies and secure design principles.
• Knowledge of information security frameworks, risk management practices, regulatory requirements, and industry standards.
• Good understanding of networking concepts, cloud networking, and the modern threat landscape.
• Hands-on experience with: DevSecOps and CI/CD security controls, Secret management platforms, Container and Kubernetes security, Service mesh technologies, Web Application Firewalls (WAF), API gateways and API security, Cloud workload protection and cloud security posture management, Infrastructure as Code (IaC), Policy-as-Code and Compliance-as-Code frameworks, GitOps practices, Security automation and incident response.

Nice To Haves

• Professional certifications such as CISSP, CSSLP, OSCP, CEH, GIAC, Azure Security, AWS Security, or equivalent demonstrated expertise are considered strong assets.
• Strong problem-solving and analytical skills.
• Excellent communication and stakeholder management abilities.
• Ability to influence and collaborate across technical and business teams.
• Strong autonomy, organizational skills, and time management.
• Ability to manage multiple priorities in a dynamic environment.
• Continuous improvement mindset and passion for advancing security practices.

Responsibilities

• Serve as the primary advisor for application security across architecture, engineering, and secure software development practices.
• Lead threat modeling, security design reviews, and risk assessments for critical initiatives.
• Define, implement, and continuously improve security controls, baseline configurations, and secure development standards.
• Assess and enhance the effectiveness of security controls across CI/CD pipelines and application platforms, including web, mobile, desktop, containerized, and commercial off-the-shelf solutions.
• Own and evolve application and cloud security services, including tool evaluation, onboarding, configuration, optimization, testing, and operational support.
• Drive security automation and establish repeatable security guardrails throughout the software development lifecycle.
• Partner with engineering, product, architecture, platform, and business teams to design and implement secure solutions.
• Advise development teams on vulnerabilities, remediation strategies, secure coding practices, and security-by-design principles.
• Develop training materials, secure coding guidelines, design patterns, and technical documentation.
• Facilitate knowledge-sharing sessions, communities of practice, and security awareness initiatives to strengthen organizational security maturity.
• Act as a subject matter expert for application security, cloud security, and secure software delivery practices.

Benefits

• On-site gym with a personal trainer
• Employer-provided lunch of your choice
• Comprehensive group insurance
• Group RRSP plan
• Care & Well‑Being Activities
• Partial reimbursement for public transportation
• Employee Assistance Program