Application Security Engineer

79945
Toronto, Ontario
Contract
12 days ago

As an Application Security Engineer within the Information Security Department, you will be responsible for building security into all products end-to-end. The role is both hands-on technical and influential: you will be expected to communicate directly with cross-functional teams in Product, Development, and DevOps. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building automation, and decisively taking action to mitigate emerging threats throughout the Secure Software Development Lifecycle (SSDLC).
 
What you will do:

  • Collaborate with product and development teams to ensure the adoption of SSDLC best practices across the entire application lifecycle (SAST, SCA, DAST, WAF, ASPM, etc.).
  • Perform code reviews and penetration tests to discover and exploit vulnerabilities in our client’s products (web/mobile/thick/API/cloud).
  • Write code to implement security policies and controls for well-known orchestration platforms (GitLab, Jenkins, etc.).
  • Participate in vulnerability management operations, such as: retesting and reprioritizing vulnerabilities, reviewing code changes, approving proposed remediations, etc.
  • Perform white box testing on a portfolio of products.
  • Contribute technical and procedural documentation towards the organization’s knowledge base.

What you will bring:

  • Ability to think offensively like a hacker and defensively by evaluating applications and architecture.
  • Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts.
  • Read and write multiple programming languages. Java, C#, JavaScript, Apex, and Python are highly valued, but others will help too.
  • Demonstrated knowledge of security best practices, principles, and common frameworks, such as: OWASP, NIST, ISO, SOC, etc.
  • A minimum of 2-3 years of work experience directly related to penetration testing, bug bounty hunting, exploit research and development, or application security testing.
  • Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, bug bounty, etc.
  • Experience with Veracode.
  • Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.
  • Relevant industry certifications, such as: OSCP, OSWE, GPEN, GWAPT, etc.
  • Ability to penetration test Cloud Native Applications running on a major cloud provider infrastructure such as: Microsoft Azure, Amazon AWS or Google Cloud Platform.

The pay range that the employer reasonably expects to pay for this position is between CA$60.00 and CA$70.00.

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Not interested in this position, but know somebody who might be? Check out our Referral Reward Program. Referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures