Senior Application Security Specialist
About the role
Pay Range: CAD 75-80/hr

Application Security Strategy & Advisory
• Act as the Subject Matter Expert (SME) for application security across enterprise platforms and development teams
• Define and enhance the organization’s application security strategy, standards, and control frameworks
• Provide expert guidance on secure design, secure coding, threat mitigation, and vulnerability management
• Partner with engineering and architecture teams to embed security-by-design principles into applications and digital initiatives

Secure SDLC / DevSecOps Enablement
• Drive implementation and maturity of the Secure Software Development Lifecycle (SSDLC)
• Integrate security controls and testing into CI/CD pipelines and DevSecOps workflows
• Enable use of security tools and automation across build and release processes
• Promote a shift-left security approach to detect and remediate issues early in the development lifecycle

Architecture Reviews & Threat Modeling
• Perform application architecture and design reviews to identify security risks and recommend remediation strategies
• Lead threat modeling sessions for web, mobile, API, and cloud-native applications
• Review application components for vulnerabilities related to authentication, authorization, session management, input validation, data protection, and API security
• Recommend secure reference architectures, reusable security patterns, and implementation guardrails

Security Testing & Vulnerability Management
• Lead or support application security assessments, including:
  o Static Application Security Testing (SAST)
  o Dynamic Application Security Testing (DAST)
  o Software Composition Analysis (SCA)
  o API Security Testing
  o Manual security reviews and penetration testing coordination
• Analyze, triage, and prioritize vulnerabilities based on risk and business impact
• Work closely with development teams to track remediation and validate closure of security issues
• Support secure management of open-source components and third-party libraries

Cloud & Modern Application Security
• Provide security guidance for modern application environments, including:
  o Microservices and APIs
  o Containers and Kubernetes
  o Cloud-native applications
  o Serverless and event-driven architectures
• Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP

Compliance, Governance & Risk
• Ensure application security practices align with internal security policies and external standards/regulations
• Support compliance requirements related to secure development and application security controls
• Contribute to audit responses, control evidence collection, and security risk assessments
• Develop security metrics, dashboards, and reporting to track application security posture and control effectiveness
Required Qualifications
• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field
• 8+ years of experience in application security, secure software engineering, cybersecurity architecture, or related roles
• Proven experience implementing and managing application security programs in enterprise environments
• Strong understanding of:
  o Secure SDLC / SSDLC
  o DevSecOps principles
  o OWASP Top 10
  o API Security Top 10
  o Common software and web application vulnerabilities
• Hands-on experience with application security testing tools such as:
  o SAST: Checkmarx, Fortify, Veracode, SonarQube
  o DAST: Burp Suite, AppScan, Acunetix
  o SCA: Snyk, Black Duck, Mend/WhiteSource
• Experience in threat modeling methodologies (e.g., STRIDE)
• Strong knowledge of authentication, authorization, encryption, secrets management, and secure design principles
• Experience working with cloud platforms such as Azure, AWS, or GCP
• Strong verbal and written communication skills with ability to work across technical and non-technical stakeholders
Preferred Qualifications
• Experience in highly regulated industries such as Banking, Financial Services, Insurance (BFSI), healthcare, or public sector
• Familiarity with security requirements related to standards/frameworks such as:
  o NIST
  o ISO 27001
  o PCI-DSS
  o SOC 2
  o OSFI guidance (for Canada-based roles)
• Experience with CI/CD platforms such as Azure DevOps, Jenkins, GitHub Actions, or GitLab
• Exposure to container security, Kubernetes security, and cloud workload protection
• Familiarity with red team / blue team collaboration for application-layer attack simulation and response readiness
Preferred Certifications
• CISSP
• CSSLP
• CISM
• CEH / GWAPT / OSCP (nice to have)
• Cloud Security certifications (Azure / AWS / GCP)