Own and lead the delivery of large, multi-quarter Application Security and Engineering initiatives, breaking them into smaller, shippable iterations.
Dive into framework internals and improve existing complex application security architectures (e.g., microservices, authentication systems, and API security).
Balance tradeoffs and select appropriate security technologies and tooling (SAST, DAST, SCA) through researching, prototyping, and validation.
Provide guidance and incorporate guardrails for securing AI-based workflows.
Drive toward simplicity and easy-to-understand application security solutions.
Collaborate deeply with Product Engineering and DevOps teams to ensure secure technical implementations for highly complex, cross-group projects and features.
Proactively identify emerging industry threats, particularly in the application and cloud space, assess potential risk to the business, and recommend mitigative actions and controls.
Act as a trusted advisor to engineering and leadership on a broad range of application security and risk-based topics.
Operate as Incident Commander for large-scale, highly complex security incidents, focusing on application and data breach response, actively pursuing cross-functional resources as appropriate.
Partner cross-functionally on security process best practices and continuous improvement, embedding a culture of security into the SDLC.
Focus on fostering an environment of inclusion, allowing voices to be heard and valued at all levels.

Requirements

5+ years of dedicated experience in an Application Security, Product Security, or Security Engineering role.
Expert-level knowledge of the Software Development Life Cycle (SDLC) and experience implementing security gates (SAST/DAST/SCA) within CI/CD pipelines.
Deep technical understanding of common web application security vulnerabilities (OWASP Top 10) and mitigation strategies.
Familiarity with Cloud Security (AWS, GCP, or Azure) and container security concepts.
Strong working knowledge of identity and access management (IAM), authentication protocols (OAuth, SAML), and API security best practices.
Demonstrated ability to communicate clearly, build trust, and partner effectively across technical and non-technical departments.

Benefits

Unlimited Paid Time Off
Work from anywhere in Canada and USA
Health and Dental benefits
Up to $1,500 USD/ $2,025 CAD towards IT set up for your home
Up to 2% matching RRSP / 401K
Learning and Development opportunities
Up to $50 USD/ $67.50 CAD towards Internet/Cell phone service

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Application SecuritySecurity EngineeringSoftware Development Life Cycle (SDLC)SASTDASTSCAweb application security vulnerabilitiesCloud Securityidentity and access management (IAM)authentication protocols

Soft Skills

communicationtrust buildingcollaborationinclusionguidanceproactive identificationincident managementcross-functional partnershipcontinuous improvementsimplicity