
Lead Applications Security Engineer
Posted 2 hours ago

This is a fully remote position, open to applicants in Canada.
• Facilitate threat modeling sessions for applications, microservices, APIs, and AI/LLM-enabled systems.
• Develop reusable security patterns and lead secure design evaluations for product and platform architectures.
• Manage AppSec initiatives from start to finish and implement risk-reduction strategies throughout R&D.
• Persuade engineering and product leaders to embrace secure practices through clear guidance and justification.
• Perform security evaluations for new features, cloud architectures, and AI/GenAI functionalities.
• Deploy and enhance AppSec tools such as SAST, DAST, IAST, SCA, IaC scanning, and container security.
• Create metrics, dashboards, and scalable process enhancements.
• Promote security practices across R&D and contribute to the development of internal standards for secure development.
• Investigate emerging technologies and encourage continuous learning within AppSec and the Security Champions community.
• A minimum of 7 years of experience in Application Security, Product Security, Secure Software Development, or a related security engineering field.
• Extensive knowledge of secure design and development principles, including the OWASP Top 10, OWASP ASVS, and contemporary application security best practices.
• Proven ability to lead threat modeling sessions, security architecture evaluations, and risk assessments for intricate applications and services.
• Practical experience with application security tools, including SAST, DAST, SCA, IaC, as well as container and cloud-native security solutions.
• Strong analytical and problem-solving abilities, capable of identifying security vulnerabilities, assessing trade-offs, and crafting practical, scalable solutions.
• Demonstrated success in influencing engineering teams and technology leaders through collaboration, technical knowledge, and sound, risk-based decision-making.
• Experience in promoting the adoption of secure development methodologies and integrating security into engineering workflows and SDLC processes.
• Exceptional communication skills, with the capability to convert complex technical concepts into actionable guidance for both technical and executive audiences.
• A proven history of spearheading security initiatives, establishing standards, and achieving measurable enhancements to an organization's security posture.
• A passion for mentoring engineers, cultivating a security-first culture, and enhancing the security capabilities of development teams.
• Equity for all employees.
• Flexible time off and paid volunteer days.
• RRSP and 401k match.
• Training and career development programs.
• Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services.
• Robust Employee Assistance Program (EAP) with mental health services.
• Fertility support and paid parental leave.