Senior Application Security Specialist

About The Position

Requirements

• Strong understanding of information security controls, vulnerability management, and risk management frameworks (NIST CSF, ISO 27001/27002).
• Experience working with Cloud technologies (Azure, AWS, Ali Cloud)
• Knowledge of cybersecurity principles, internal controls, and risk management tools.
• Proficiency in data visualization tools (Tableau, Power BI) and statistical data analysis.
• Hands‑on experience with tools such as JIRA, Confluence, and Microsoft 365.
• Experience with cybersecurity assessment frameworks (PTES, OWASP, OSSTM) and penetration testing.
• Understanding of legal and regulatory requirements related to cybersecurity and IT governance.
• Excellent communication skills to effectively convey risk assessments and security recommendations.
• Knowledge of ticketing and tracking tools such as ServiceNow – Security Operations, GRC systems like Archer.
• Understanding of legal and regulatory requirements related to technology risk management
• Familiarity with cybersecurity governance frameworks and their implementation
• Knowledge of statistical data analysis and reporting toolsets
• In-depth knowledge of risk assessment methodologies and risk management frameworks.
• Proficiency in using risk assessment tools and software.

Nice To Haves

• CISSP, CSSLP, OSCP, GWAPT or equivalent industry-recognized security certifications.
• Cybersecurity, Security Monitoring Vulnerability Assessment, Penetration Testing Threat Modeling, Security Assessment, Security Testing Cyber Threat Intelligence

Responsibilities

• Perform code scanning, validation, tuning, and optimization using SAST, DAST, and SCA tools (e.g., Snyk, Burp Suite, SonarQube, Veracode, and Checkmarx) to ensure accurate, prioritized, and actionable remediation results.
• Conduct penetration testing, code scanning, secrets management (GitGuardian), and threat modeling for business applications to determine risk ratings and prioritize the vulnerabilities discovered along with the organization's remediation timelines.
• Execute intake, triage, analysis, and reporting procedures for security assessments.
• Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.
• Coordinate assessment and risk analysis activities, evaluate governance processes, and recommend improvement opportunities.
• Supports establishment, development, and maintenance of risk governance frameworks, risk assessment methodologies, risk metrics reporting, and risk management compliance protocols.
• Conduct vulnerability assessments and prioritize remediation activities in collaboration with stakeholders.
• Document findings and collaborate with cross-functional teams to implement corrective actions.
• Work closely with senior security engineers, product partners, architects, and cross‑functional teams in Agile/DevOps environments.
• Communicate risk and compliance assessments and recommendations to business units and senior management.
• Lead and participate in meetings to review outstanding vulnerabilities and clarify business and technical impacts.
• Develop and report actionable KPIs and KRIs aligned with application security policies and standards.
• Analyze cyber defense policies for compliance with regulations and organizational standards.
• Lead meetings to analyze risk indicators and develop executive-level dashboards.
• Maintain comprehensive documentation of governance processes and contribute to policy updates.
• Stay updated on evolving cybersecurity threats and contribute to enhancing risk reporting processes.
• Provide professional advice and take a lead role in process or program execution.
• Be accountable for own work and contribute to setting standards through expertise in own job discipline that impacts other deliverables.

Benefits

• health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans.
• various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources.
• generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence.