
Application Security Manager
Posted 1 hour ago

This is a fully remote position, open to applicants in Canada.
• Embed security within CI/CD pipelines by providing scalable, automated tools and integrated security assessments (SAST, DAST, SCA, secret scanning);
• Facilitate secure-by-default development through the design and implementation of automated, policy-driven security review workflows;
• Establish strong security guardrails within AI-assisted development and agent workflows to mitigate risk while preserving developer productivity;
• Minimize risk exposure by proactively identifying, evaluating, and driving the remediation of application security vulnerabilities;
• Enhance the application security posture by leading threat modeling and security evaluations for new features and architectural modifications;
• Boost detection and response capabilities through the creation of automation, tools, and streamlined vulnerability management processes;
• Advance cloud and application security by collaborating with Infrastructure SecOps to strengthen Azure environments and deployment practices;
• Improve external security feedback mechanisms by contributing to and expanding the bug bounty program and vulnerability intake processes;
• Over 8 years of experience in application security, DevSecOps, or security-oriented software development;
• Strong background in software engineering paired with extensive security knowledge;
• Comprehensive understanding of web application security principles, OWASP Top 10, and CWE Top 25;
• Practical experience in conducting secure code reviews in C#;
• Experience in developing and maintaining security automation within CI/CD pipelines (preferably GitHub Actions);
• Solid grasp of Azure cloud services, infrastructure security, and deployment methodologies;
• Familiarity with integrating SAST, DAST, SCA, and secret scanning tools into development workflows;
• Proficient in scripting (Python, Bash) for automation and tooling purposes;
• Extensive hands-on experience with AI-assisted and agentic development workflows, along with a deep understanding of their security implications;
• Knowledge of authentication protocols such as OIDC, SAML, and OAuth;
• Capacity to effectively communicate security risks and trade-offs to both technical and non-technical audiences;
• Health insurance
• Flexible working hours
• Professional development opportunities