- Develop secure software development standards and implementation across the product suite.
- Work with development teams to ensure Software Composition Analysis (SCA), Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans are conducted on a defined cadence.
- Coordinate external application penetration testing and application vulnerability assessments.
- Ensure software vulnerabilities are tracked and remediated within appropriate timelines, and that security exceptions are managed.
- Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
- Use security standards and implementation configurations, as well as common security frameworks.
- Focus on application security that observes compliance - PCI DSS, SOC2 SSAE18, ISO 27001 and global privacy laws.
- 5+ years' experience in cybersecurity, including compliance and risk management, with a system and network security engineering or development background.
- Highly technical and analytical experience, with a proven deep background (5+ years preferred, in addition to cybersecurity) in application programming.
- Experience in threat modeling applications.
- Application vulnerability and penetration-testing skills are an asset.
- Proficiency in software development (Java, Angular, C#, Spring, ASP.NET, Python, etc.).
- Experience with SCA, SAST and DAST tools; knowledge of the Synopsys tools Coverity, Black Duck and Tinfoil is an asset.
- Understanding of frameworks such as OWASP, BSIMM, SAMM, SABSA, O-ESA, etc.
- Salary Range: $70-90/hr
- Full benefits
Toronto, ON - Canada
Python Job Details
Responsibilities of the Application Security Engineer include:
Qualifications for the Application Security Engineer:
Compensation for the Application Security Engineer includes: