Senior Application Security Engineer

Maplesoft implements TimeLive for Electronic time tracking.

Please view the demo below on how to enter and approve time.

Do you want to work in a dynamic environment where your contributions count?

At Maplesoft, we value the contributions of all our employees and contractors. We listen and act upon suggestions, advice, and innovative ideas to further our strategic vision. In turn, Maplesoft contributes to the communities where we live and operate. We think globally, but act in our own backyards.

Build your future with Maplesoft’s exciting technologies, deep partnerships, personal approach to consulting services, professional development opportunities and exciting company culture.

If you are interested in any of following job openings, please apply directly to info@maplesoftgroup.com, citing the position title and job id in the email subject line.

Maplesoft Group is currently seeking a Senior Application Security Engineer for our Federal Government client.

1. Security Strategy & Risk Management
   Define and own the security strategy for the Project, ensuring alignment with enterprise security policies.
   Perform threat modeling to identify potential risks and recommend mitigation strategies.
   Establish security requirements and policies, mapping them to specific product features and development initiatives.
   Monitor and track security requirements implementation across different teams, ensuring compliance with security best practices.
   Work closely with Risk & Compliance teams to ensure all security and privacy requirements are met.
2. Security Advisory & Development Support
   Act as the security point of contact (PoC) for different agile squads (Pods), ensuring security tasks are incorporated into sprint planning.
   Engage in planning ceremonies to support teams in identifying required security controls and non-functional security requirements (NFRs).
   Help engineering teams fix vulnerabilities, implement security best practices, including secure coding, identity & access management, and secure API design.
   Map which NFRs should be implemented for different product features and ensure they are enforced.
   Provide guidance on Role-Based Access Control (RBAC), secure authentication (OAuth, Entra ID), data protection, and encryption policies.
3. Security Monitoring, Incident Response & Governance
   Monitor security events to detect anomalies and handle incident response in collaboration with the Security Operations team.
   Conduct threat and risk assessments (TRA) for key features and releases, ensuring vulnerabilities are identified and addressed early.
   Define and track security metrics to measure compliance and report security status to leadership.
   Support and guide security policies implementation, ensuring alignment with corporate and industry security frameworks.
4. Security Testing & Compliance
   Conduct and review automated security scans (SAST/DAST/SCA) & penetration tests to detect vulnerabilities.
   Work with Infrastructure & Cloud Security teams to identify and remediate security risks.
   Ensure security and compliance testing is integrated into CI/CD pipelines (DevSecOps).
   Validate secure deployment practices in cloud environments (Azure), ensuring workloads are protected.
   Work with different stakeholders (lenders, banks, product owner, etc.) to collect, refine and implement security requirements.

1. Required Skills & Experience
   7+ years of experience in security advisory, application security, or cloud security roles.
   Strong expertise in threat modeling, risk assessments, and security architecture.
   Experience implementing security controls in DevSecOps, CI/CD pipelines, and cloud environments (Azure).
   Deep knowledge of SAST, DAST, SCA, container security, API security, and penetration testing.
   Familiarity with security governance, compliance standards (ISO 27001, NIST, SOC 2, GDPR, etc.).
   Ability to define and track security requirements, NFRs, and risk mitigation plans.
   Strong understanding of identity and access management (IAM), RBAC, OAuth, Entra ID (Azure AD).
   Hands-on experience with secure coding best practices, OWASP Top 10, and application security frameworks.
   Ability to work cross-functionally with engineering teams, product managers, and compliance stakeholders.
2. Preferred Skills
   Certifications: CISSP, CISM, CEH, or Azure Security-related certifications.
   Experience with SIEM tools, security automation, and incident response frameworks.
   Knowledge of zero-trust security models and microservices security.

Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people. Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.

Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors.

All employment decisions are made based on business needs, job requirements, and individual qualifications.

We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.

We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.