Application Security Engineer

At Sectigo, we align around our mission and pride ourselves in helping thousands of customers sleep better at night.

Sectigo is a leading provider of digital identity and cybersecurity solutions, offering a comprehensive suite of products to protect online transactions and communications. Our mission is to secure the digital landscape for enterprises worldwide.

When people think Online trust management, they think Sectigo because we offer our customers unparalleled peace of mind.”

How we show up with each other and our customers every day is just as important, and we win as #OneSectigo by living out our core values - S upport, E xcellence, C ommunication, T eamwork, I ntegrity, G rowth, and O penness. We are committed to investing in our diverse teams where everyone understands their role and how they support our strategic goals, we drive operational excellence through scale and efficiency, and we strive to delight our customers and become the market leader in our industry. If you aspire to join a driven team that holds each other accountable to meeting our lofty goals and you’d like to be part of our growth story in delivering a market-leading user experience, we’d like to talk to you.

Job Description

We are looking for an Application Security Engineer to join our growing global team at Sectigo.

As an Application Security Engineer, you will ensure the security of our applications and software systems throughout the entire software development lifecycle. You will maintain high productivity and foster collaboration among teams. Additionally, you will articulate security issues to both technical and non-technical audiences. You will also serve as a key cyber incident response team member, operating within Security Operations in a 24 / 7 and 365-day environment.

This is a full-time position working in a hybrid model, with at least 3 days a week from our Ottawa office.

Core responsibilities include :

• Assist in incident response by providing engineering support to remediate critical security bugs in production environments.
• Conduct vulnerability assessments and implement appropriate security measures for applications.
• Review and assess application security, including code reviews and penetration testing.
• Develop and implement automated processes to ensure consistent application of security best practices across projects.
• Ensure compliance with industry standards and regulatory requirements.
• Collaborate with software developers to design and implement secure application architectures.
• Work with development teams to improve the security of CI / CD processes.
• Promote a secure-by-design culture, advocating for best practices in secure coding, threat modeling, and vulnerability management.
• Develop and maintain security policies, procedures, and documentation.
• Perform security risk assessments and recommend mitigation strategies.
• Implement and manage security monitoring and incident response tools.
• Articulate security issues and solutions to both technical and non-technical audiences.
• Advocate for a security-first culture and keep stakeholders updated on emerging threats.
• Operate on a rotating 24x7 on-call schedule, including after-hours, nights, and weekends.
• Perform other duties as assigned related to this role and company initiatives.

Qualifications

Education :

• Bachelor's degree in Computer Science, Information Technology, or a related field is strongly recommended.

Experience :

• Minimum of 5 years in cybersecurity and software development.
• Hands-on experience with automated security testing tools such as SAST, DAST, and dependency scanning (e.g., Sonatype, Burp Suite, Web Inspect, Veracode, SonarQube).
• Proficiency in at least one programming language such as Python, Golang, or Java.
• Experience with Oracle SQL, including stored procedures, triggers, and secure DB configuration is a plus.
• Expertise in securing web applications built with modern frameworks in Golang and / or Java.
• Knowledge of authentication and authorization protocols (OAuth, OpenID Connect, JWT) and security standards (SSL / TLS, encryption).
• Relevant certifications such as OSCP, CISSP, CEH, or CSSLP are preferred.
• Excellent communication skills, both written and verbal.

Ideal candidate traits include :

• Basic knowledge of modern cloud technology components and deployment patterns : VMs, containers, Kubernetes, infrastructure as code.
• Strong understanding of application security principles and practices.
• Ability to work in a fast-paced, 24x7 environment.
• Willingness to travel occasionally for job-related activities.

Additional Information

Global team. Global reach. Global impact.

At Sectigo, we believe doing good is good business. Our strength and success come from passionate, engaged individuals who make a difference locally and globally. We are committed to an inclusive workforce, embracing diverse perspectives, heritages, and backgrounds. We aim to promote employees into roles that challenge and excite them, fostering growth and happiness. We strive to reflect positivity and fun in our work, delivering excellent outcomes for our customers every day.

J-18808-Ljbffr

Application Engineer • Ottawa, ON, Canada