Senior Application Security Engineer

PEOPLE FORCE CONSULTING INC

Mississauga

Hybrid

CAD 90,000 - 120,000

Full time

2 days ago

Job summary

A leading company in IT Services is seeking a Senior IT Security Advisor specializing in Application Security. This role involves leading security initiatives, collaborating with teams, and enhancing the security posture of applications. Candidates should have a solid understanding of security practices and experience with security testing tools. The position is hybrid, requiring three days in the Mississauga office.

Qualifications

  • At least five years in a security domain, preferably Application Security.
  • Experience working in PCI DSS and SOC 2 compliant environments.

Responsibilities

  • Lead efforts to identify and mitigate security vulnerabilities.
  • Integrate security pipelines into the development process.
  • Conduct comprehensive security assessments.

Skills

Application Security
Risk Management
Security Testing
Collaboration
Leadership

Education

Bachelor’s degree in computer science
Postgraduate degree preferred

Tools

Veracode
Tenable
Azure

Job description

Senior IT Security Advisor - Application Security

Location: Hybrid - 3 days in Mississauga Office

Contract to Hire

Job Summary

The Senior IT Security Advisor - Application Security is responsible for leading efforts to identify and mitigate security vulnerabilities within the client application portfolio. This role requires a deep understanding of application security, risk management, and the ability to work collaboratively with cross-functional teams to enhance our security posture.

Key Accountabilities

  1. Integrate security pipelines into the development process, implementing the “Shift-left” and “Fail the Build” methodologies.
  2. Implement Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and Penetration Testing (PT) activities.
  3. Manage and prioritize vulnerabilities, collaborating with IT departments to address them based on risk levels.
  4. Protect APIs by leveraging technology to understand and mitigate vulnerabilities, including scanning and alerting on API attacks.
  5. Provide advisory services to new and existing projects and inculcate the Security by Design culture.
  6. Identify, assess, and document security risks within projects, supporting the definition of strategies to mitigate them effectively to comply with security standards.
  7. Identify security weaknesses, vulnerabilities, and gaps in the existing technology stack and recommend remediation strategies.
  8. Conduct comprehensive security assessments on initiatives of various sizes.
  9. Advise business on information security and privacy matters.
  10. Evaluate existing security solutions and propose enhancements to streamline processes.
  11. Maintain a solid understanding of web application development.
  12. Extensive knowledge of the OWASP Top 10 and web application exploitation techniques, and their respective countermeasures.
  13. Experience implementing ISO 27001/NIST/PCI-DSS controls or performing threat analysis for IT projects, including security scanning, assessments, and pentesting.
  14. Knowledge and experience with CI/CD pipelines, DevOps, DevSecOps, and secure code development.
  15. Experience performing and coordinating security tests: vulnerability scans, web application penetration tests, infrastructure penetration tests, network segmentation tests.
  16. Proficient in reviewing architecture and solution design documentation to identify and assess potential risks.
  17. Review Technical Design documents and perform risk assessments to complete Security Design documents.
  18. Strong experience leading complex projects from start to finish and providing security advice to ensure risks are identified and mitigated.
  19. Able to reason about security decisions and communicate ideas clearly to both engineers and business teams.
  20. Excellent relationship management with key stakeholders across various departments.
  21. Coach and mentor developers, engineers, and security staff to enhance their efficiency and effectiveness.
  22. Develop the application security process to its full potential and maintain its trajectory to maturity.
  23. Mature the security-in-development process.
  24. Provide leadership in the Application Security domain.
  25. Maintain compliance with Bill 198, SOC 2, and PCI DSS controls.
  26. Manage and enhance security processes and technologies to identify, deter, investigate, and remediate security events.
  27. Manage relationships and negotiate with key vendors.
  28. Inculcate the Security by Design culture with all IT teams.
  29. Develop documentation to support technical issues and training.

Qualifications and Skills:

  • Bachelor’s degree in computer science, information technology, or cybersecurity; postgraduate degree preferred.
  • At least five years in a security domain, preferably Application Security or Risk Management.
  • Proficiency with security testing tools such as Veracode, Tenable, and Azure.
  • Experience as an Information Security Architect is highly advantageous.
  • Knowledge of Azure Data Lakes, Windows SQL, and PostgreSQL is beneficial.
  • Experience working in PCI DSS and SOC 2 compliant environments.
  • Knowledge of Canadian privacy laws; familiarity with UK GDPR and US regulations is a plus.
Seniority level
  • Mid-Senior level
Employment type
  • Contract
Job function
  • Other
Industries
  • IT Services and IT Consulting
