Application Security Manager

This is a fully remote position, open to applicants in Canada.

📋 Description

• Embed security into CI/CD pipelines by providing scalable, automated tools and integrated security checks (SAST, DAST, SCA, secret scanning);

• Facilitate secure-by-default development by designing and implementing automated, policy-driven security review workflows;

• Create robust security guardrails within AI-assisted development and agent workflows to mitigate risks while preserving developer speed;

• Minimize risk exposure by proactively identifying, evaluating, and driving remediation of application security vulnerabilities;

• Enhance the application security posture by leading threat modeling and security assessments for new features and architectural modifications;

• Boost detection and response capabilities through the creation of automation, tooling, and streamlined vulnerability management processes;

• Advance cloud and application security by collaborating with Infrastructure SecOps to strengthen Azure environments and deployment practices;

• Improve external security feedback mechanisms by contributing to and scaling the bug bounty program and vulnerability intake processes.

⛳️ Requirements

• Over 8 years of experience in application security, DevSecOps, or security-centric software development;

• Strong software engineering foundation coupled with extensive security knowledge;

• In-depth understanding of web application security principles, OWASP Top 10, and CWE Top 25;

• Practical experience conducting secure code reviews in C#;

• Experience in building and maintaining security automation within CI/CD pipelines (preferably GitHub Actions);

• Comprehensive understanding of Azure cloud services, infrastructure security, and deployment patterns;

• Experience in integrating SAST, DAST, SCA, and secret scanning tools into development workflows;

• Proficiency in scripting languages (Python, Bash) for automation and tooling;

• Significant hands-on experience with AI-assisted and agentic development workflows;

• Familiarity with authentication protocols such as OIDC, SAML, and OAuth;

• Capability to effectively communicate security risks and trade-offs to both technical and non-technical audiences.

🏝️ Benefits

• Health insurance

• Retirement plans

• Paid time off

• Flexible work arrangements

• Professional development

• Equipment allowances

• Wellness programs