Senior Application Security Developer

About the Role:

As a Senior Application Security Developer, you’ll help scale our static and dynamic code analysis, handle manual and automated pen-testing, threat modeling, and lead the overall improvement of our AppSec posture. You’ll collaborate alongside DevOps, QA, and Engineering to improve the security of applications architected on the cloud (AWS) in a microservices-based environment.

What You’ll Do:

• Evaluate our security technology, methodology, and tools to better the software development life cycle
• Help train developers, and QA personnel to the appropriate level of software security knowledge to perform their responsibilities
• Improve and support application security tool services including static analysis, dynamic testing, software composition analysis tools
• Support incident response and architecture review processes whenever application security expertise is needed
• Manage routine penetration testing services, including both expert consulting and managed services
• Provide manual penetration testing and standards gap analysis services to internal business and technology partners
• Support, improve, and maintain secure development standards and application security framework projects
• Support Vendor Management activities to ensure third party software and development meet security standards
• Integrate threat modeling practices into the product development life cycle
• Provide security requirements for test driven design to assess control effectiveness
• Produce metrics reporting the state of application security programs and performance of development teams against requirements

What We Look For:

• 5+ years of relevant work experience.
• Experience with agile development processes and have experience integrating secure development practices into the model
• Experience writing and testing web applications, mobile applications and microservices
• Familiarity with GraphQL architecture and security best practices
• Basic understanding of authentication and authorization schemes including OAuth
• Familiarity with a variety of development and testing tools
• Experience working with one or more SAST, DAST and IAST tools
• Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques
• Experience with cyber security attacks and mitigation methods (red/blue team experience)
• Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection
• Expertise in employing analytics and threat intelligence techniques, Incident response process; Software security
• Experience in IT supply-chain risk management and assurance, as well as cloud security operations

Nice to Have:

• Basic familiarity with Python for security tool automation would be a plus.

What We Offer You:

• Competitive salary and stock option plan
• 100% paid coverage of medical, dental and vision insurance
• Flexible PTO
• Competitive 401(k) and RRSP program
• Opportunities for professional growth and development
• Paid parental leave
• Health wellness initiatives

The compensation range of this position in Canada is $150,000 - $250,000 CAD annually plus equity and benefits. Within this range, an individual's base pay will be dependent on a variety of factors, including without limitation, job-related knowledge, skills, education, and experience.

#BI-Remote