Lead Applications Security Engineer

About The Position

Requirements

• 7+ years of experience in Application Security, Product Security, Secure Software Development, or a related security engineering discipline.
• Deep expertise in secure design and development principles, including the OWASP Top 10, OWASP ASVS, and modern application security best practices.
• Proven experience leading threat modeling exercises, security architecture reviews, and risk assessments for complex applications and services.
• Hands-on experience with application security tooling, including SAST, DAST, SCA, IaC, container, and cloud-native security solutions.
• Strong analytical and problem-solving skills, with the ability to identify security risks, evaluate tradeoffs, and develop practical, scalable solutions.
• Demonstrated ability to influence engineering teams and technology leaders through collaboration, technical expertise, and sound risk-based decision making.
• Experience driving the adoption of secure development practices and integrating security into engineering workflows and SDLC processes.
• Excellent communication skills with the ability to translate complex technical concepts into actionable guidance for both technical and executive stakeholders.
• Proven track record of leading security initiatives, establishing standards, and delivering measurable improvements to an organization's security posture.
• Passion for mentoring engineers, fostering a security-first culture, and elevating the security capabilities of development teams.

Nice To Haves

• Experience securing cloud-native applications and architectures in AWS, Azure, or GCP environments.
• Knowledge of AI and GenAI security concepts, including the OWASP Top 10 for LLM Applications, model and agent security risks, and secure AI system design.
• Experience supporting large-scale SaaS platforms, highly distributed systems, or organizations operating in regulated environments.

Responsibilities

• Lead threat modeling exercises for applications, microservices, APIs, and AI/LLM-enabled systems
• Define reusable security patterns and drive secure design reviews for product and platform architectures
• Own AppSec initiatives end-to-end and drive risk-reduction programs across R&D
• Influence engineering and product leaders to adopt secure practices through clear guidance and rationale
• Conduct security assessments for new features, cloud architectures, and AI/GenAI capabilities
• Implement and optimize AppSec tooling including SAST, DAST, IAST, SCA, IaC scanning, and container security
• Establish metrics, dashboards, and scalable process improvements
• Drive R&D wide security practices and help shape internal standards for secure development
• Explore emerging technologies, and promote continuous learning within AppSec and the Security Champions community

Benefits

• Equity for all employees
• Flexible time off and paid volunteer days
• RRSP and 401k match
• Training and career development programs
• Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services
• Robust Employee Assistance Program (EAP) with mental health services
• Fertility support and paid parental leave