Senior Application Security Specialist

The AIR MILES Reward Program is one of Canada’s most recognized loyalty programs, with over 10 million active collector accounts, representing more than half of all Canadian households. AIR MILES collectors earn Reward Miles at more than 300 leading Canadian, global, and online brands and at thousands of retail and service locations across the country. AIR MILES is a wholly-owned subsidiary of the Bank of Montreal (BMO), Canada’s oldest bank and the 8th largest in North America with more than 12 million customers globally.

The Sr. Application Security Specialist is responsible for designing, evaluating, and supporting application and cloud security capabilities in support of AIR MILES' security and compliance programs. This role requires well-developed technical skills, familiarity with network, system, and application architecture, and an understanding of the technical security landscape. Key activities include application security reviews, consulting on system architecture, and securing cloud environments at scale. The role involves establishing standards, participating in investigations, and providing guidance to align with industry best practices.

1. Review system and solution architecture.
2. Consult with software developers and support improvements to application security.
3. Conduct risk assessments and collaborate with stakeholders to mitigate risks.
4. Perform audits and testing on infrastructure and application controls, and coordinate remediation activities.
5. Work with third-party service providers to support security initiatives.
6. Contribute to monthly security metrics reporting.
7. Build relationships with internal stakeholders, stay updated on emerging technologies and risks, and identify opportunities for security improvements.
8. Advise on internal security policies and baseline standards.

• Experience with DAST testing on web applications or penetration testing of applications or network environments.
• Ability to create security assessment reports and present findings to clients.
• Proven experience working in cross-functional projects and managing remediation activities enterprise-wide.
• Strong communication skills, especially in diplomatic contexts to promote policy adoption.
• Minimum of 6 years of full-time experience in information security or related fields.
• Familiarity with information security standards and IT frameworks.
• Knowledge of Security Governance, Risk & Compliance, and security audit practices.
• Experience across multiple security domains such as access control, application and system development, operations security, network security, BCP/DR, etc.
• Solid understanding of network security components like firewalls, routers, IDS, SIEM, and anti-malware solutions.
• Strong knowledge of cloud security architecture and controls in environments like MS Azure and AWS.
• Hands-on experience with cloud environment deployment and management.
• Deep understanding of web application architecture, SSO technologies, and HTTP/HTTPS protocols.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: IT Services and IT Consulting

Note: This job posting appears to be active.