Pantheon Platform

Staff Security Engineer

full-time

Location Type: Remote

Location: Canada

Salary

💰 CA$176,000 - CA$220,000 per year

About the role

  • Implement “Security by Design” within agile software development and cloud-native environments.
  • Act as a Subject Matter Expert (SME), mentoring, coaching, and supporting all security engineering efforts across the organization.
  • Define, organize, and implement application security policy, process, standards, and guidelines.
  • Help engineering teams design and build high-performing, secure applications by mitigating security issues in a risk-based manner.
  • Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
  • Be a driving force in establishing a strong security culture within platform engineering teams.
  • Lead Threat Modeling as a core principle for the Secure by Design strategy.
  • Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
  • Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
  • Deploy, operate, and tune security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
  • Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
  • Manage tools for Software Composition Analysis (SCA) to ensure supply chain security.
  • Coordinate internal and external Penetration Testing activities with the Security Operations team.

Requirements

  • 10+ years of overall experience, with 5+ years dedicated to Application Security.
  • Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
  • Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
  • Ability to build maintainable components in Go or Python.
  • Hands-on experience with Jenkins/cloud pipelines/CircleCI (bonus points for experience with reusable workflows).
  • Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
  • Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
  • Bachelor's degree in Computer Science or equivalent practical experience.

Benefits

  • Industry competitive compensation and equity plan
  • Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
  • Full medical coverage (Extended health care, dental, vision)
  • Top-of-the-line equipment
  • In-office workspace (Vancouver, BC Canada)
  • Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
  • Events and activities, both team-based and company-wide, that inspire, educate and cultivate