Application Security Analyst II

Established in 2004, we are a tech pioneer offering world-class adult entertainment and games on some of the internet’s safest and most popular platforms. With the support of an international team of dynamic and collaborative innovators, we are on a mission to enable safe user experiences and empower our communities by celebrating diversity, inclusion, and expression — all while maintaining robust trust-and-safety protocols.

We embrace the best of both worlds! Local talent can thrive in our collaborative office space with the flexibility of a hybrid work environment, while remote team members play an integral role in shaping our dynamic culture from afar. We have offices in Montreal (Quebec), Austin (Texas) and Nicosia (Cyprus).

*A select number of positions require full-time in office attendance*

As an Application Security Analyst II, you will play a critical role in strengthening the organization's security posture and safeguarding data and applications from security threats. You will work closely with Engineering, Product, and DevOps teams to implement the Secure Software Development Lifecycle (SSDLC), establish security best practices, and ensure the continuity of business operations.

What you’ll be doing:

• Validate internal, external, and crowd-sourced application security findings, and clearly communicate them to engineering teams.
• Collaborate with developers to share knowledge and implement security best practices.
• Create and utilize code- and tool-based solutions to address application security issues.
• Identify and assess gaps in the organization’s security posture, particularly from an application security perspective.
• Participate in and act as a subject matter expert for core operations such as vulnerability management and cryptographic operations (e.g., Bug Bounty programs).
• Create and maintain comprehensive documentation, standards, and policies related to tooling, processes, and procedures.
• Propose and assist in the implementation of projects, tools, and technologies that benefit Engineering and the Application Security (AppSec) team.
• Promote awareness and integration of the SSDLC across engineering teams.
• Support junior analysts with task execution and technical troubleshooting.
• Conduct threat modeling and threat hunting assessments.
• Provide guidance on best practices and remediation strategies for GCP/AWS cloud configurations (Terraform & Kubernetes).
• Perform regular audits of features and full applications across Web, API, Mobile, Cloud, and Thick Client infrastructures.
• Stay current on the latest trends, vulnerabilities, and threats in the information security landscape, as well as compliance frameworks such as PCI-DSS and NIST.

What you’ll need to successful:

Must haves:

• A minimum of 3 years of experience in a similar application security role.
• A university or college degree in Information Security, Computer Science, or a related field.
• Proficiency in programming languages such as PHP, Java, Python, or Go.
• eLearnSecurity Junior Penetration Tester (eJPT) certification.

Nice to haves:

• Offensive Security Certified Professional (OSCP).
• Offensive Security Web Expert (OSWE).
• An active Bug Bounty profile.
• eLearnSecurity Junior Penetration Tester (eJPT) certification or similar certification.
• Experience developing open-source offensive security tools.
• Familiarity with tools such as SonarQube, GitLab Pipelines, SBOMs, and Burp Suite.

As an equal opportunity employer, we celebrate diversity and are committed to creatingan inclusive environment for all employees

In this role you may be exposed to adult content

*

indicates a required field

First Name *

Last Name *

Email *

Phone

Resume/CV

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Select...

LinkedIn Profile/ Profile Linkedin

Select...

Select...

Select...

FRENCH TO FOLLOW:

This disclaimer is to notify you that personal data relating to you has been collected by Aylo (“Controller”). This includes your personal data either submitted by you, obtained from publicly available sources (e.g., LinkedIn), or provided to us by someone with your consent, referred you for potential employment. Note that, you can withdraw your consent at any time by reaching out to us.

Your personal data has been collected and will be processed by Controller for the following purposes:

• managing our recruitment related activities;
• setting up and conducting interviews and tests for you;
• evaluating and assessing the results pertaining to interviews and tests; and
• for purposes otherwise needed for evaluating your candidacy for employment at our company

provided however, that we may not process your data for all of the aforementioned purposes.

Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by a Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data has been transferred to the United States subject to appropriate additional safeguards under Standard Contractual Clauses.

Your personal data will be retained by Controller as long as we determine it is necessary to evaluate your application for employment and according to our data retention period specified in our privacy policy.

If you would like to know more about our privacy/data retention policy, feel free to check out our privacy policy.

*******************************************************************************************