Senior Application Security Engineer

Position Summary: With team members and customers in 39 countries around the globe, HostPapa is one of the fastest-growing web hosting companies offering a wide range of products. We provide individuals and small and medium-sized businesses with access to valuable tools and services critical to their online success, including a Website Builder service. Our award-winning customer support, email, and cloud-based solutions keep HostPapa at the cutting edge of the web hosting industry by putting our customers first.

As the Senior Application Security Engineer, you will be the expert link between engineering and security, protecting our applications and data end-to-end, proactively uncovering and mitigating vulnerabilities, embedding security into the CI/CD pipeline, championing a security-first culture, guiding secure design, supporting incident response, and providing clear security expertise to internal teams and external partners, and customers.

• Perform application security reviews, threat modeling, and manual and automated code analysis, then prioritize and drive remediation with engineering
• Partner with development, DevOps, and SRE to integrate security into the SDLC and CI/CD, including policy gates, automated checks, and secure coding guidance
• Investigate production security incidents, coordinate containment and eradication, and lead post-incident improvements
• Develop and deliver security training, playbooks, and guidance to raise security maturity across engineering teams
• Serve as the technical point of contact for partners and customers on security topics and reviews
• Evaluate, implement, and manage SAST and DAST tools, expanding automation to increase coverage and reduce toil
• Support other tasks or projects as assigned to meet team and business needs

• Have 5+ years in application security, penetration testing, or a closely related role
• Hands-on with penetration testing and vulnerability assessment tools (Burp Suite, Nessus, Qualys) and static analysis tools (SonarQube, Fortify, AppScan Source)
• Proficient in at least one major programming language (Python, Java, or C#)
• Familiar with major clouds (AWS, Azure, or GCP) and container/orchestration platforms (Docker, Kubernetes)
• Deep understanding of web application vulnerabilities (OWASP Top 10) and mitigation techniques, with experience in threat modeling, risk assessment, and secure coding
• Clear, collaborative communicator who can translate complex security concepts for diverse audiences and tackle problems proactively
• Relevant certifications such as OSCP or OSCE (completed or in progress)
• Exceptional English fluency (written and spoken), plus strong analytical and problem-solving skills

• Work from anywhere - this is a remote opportunity
• A competitive salary that values you and your unique skill sets
• Career advancement & professional development opportunities to help you reach your full potential
• Flexible work arrangements to support work/life balance

At HostPapa, we’ve been committed to providing a complete array of enterprise-grade cloud services solutions to every business owner since 2006. These services, traditionally out of reach to smaller businesses, are offered in a one-stop shop, making it quick and easy for customers to select the services they need to grow. We back these offerings with 24/7 award‑winning customer support in four languages.

Our HostPapa team values diversity and inclusion. We have a friendly company culture built on trust and respect. With the acquisition of several companies into our product portfolio, we’re growing at an incredible rate and have ample opportunities for career growth.

Come join our talented team of enthusiastic, hard-working, passionate, driven people engaged in meaningful, innovative work. We can’t wait to meet you!

HostPapa is an equal-opportunity employer committed to diversity and inclusion. We encourage individual achievement and recognize the strength of our diverse team.

HostPapa is committed to providing accommodations for people with disabilities. If you require accommodation, please let us know, and we will work with you to meet your needs. Accommodation may be provided in all parts of the hiring process.

It is anticipated that this position will be performed outside of Ontario.