Application Security Analyst II

Join to apply for the Application Security Analyst II role at First National Financial LP.

We are hiring an Application Security Analyst II, Information Security!

Reporting To: Application Security Manager

Employment Type: Full-time

Posting Date: May 16, 2025

Closing Date: May 30, 2025

Hours of Work: 8:30 a.m. – 5:00 p.m.

Location: Toronto, ON — Great location, steps from the main public transit station

Highly competitive compensation package including base salary, bonus, benefits, and career growth opportunities.

Seeking an Application Security Analyst II experienced in risk analysis, vulnerability assessments, and security frameworks. Your role involves supporting security risk assessments, establishing security processes, educating teams, and ensuring compliance with security standards.

• Analyze and document security processes, policies, and controls to ensure compliance with frameworks and regulations.
• Provide security recommendations based on technical and architectural assessments.
• Conduct security reviews during software development and assist in managing stakeholder relationships.
• Manage and coordinate secure code reviews, including DAST and SAST testing.
• Perform vulnerability assessments for web, mobile, and cloud applications, including VAPT.
• Review configurations of Web Application Firewalls (WAF).
• Collaborate with development teams to integrate security controls within the SDLC.
• Support the development of a long-term application security roadmap and create threat models.
• Evaluate and manage AppSec vendors and solutions.

• 3-5+ years in web and mobile application security within SSDLC.
• Strong understanding of application architecture and design.
• Proficiency in penetration testing tools (e.g., Burp Suite, Fortify, Kali, Metasploit).
• Knowledge of programming languages (.Net, C#, JavaScript), cloud platforms (Azure), and database security.
• Familiarity with WAFs, security frameworks (OWASP, CWE), and participation in Bug Bounties or CTFs is a plus.

• Excellent verbal and written communication skills.
• Strong analytical and problem-solving skills.

• Post-secondary education or technical certifications.
• Preference for CISSP; OSCP is a plus.

• Office setting with periods of high workload and tight deadlines.
• Sitting for extended periods, repetitive keyboard/mouse use, and screen time.

• Competitive pay and benefits.
• Hybrid work environment.
• Training and development programs.
• Modern, collaborative office space.
• Supportive culture and community involvement.

First National, established in 1988, is a leading Canadian non-bank lender specializing in residential and commercial mortgages. Recognized as a great place to work, we value diversity and inclusion.

We thank all applicants; only those selected for an interview will be contacted.