Application Security Engineer

Think Research

Remote in Canada
Job Function
Remote in Canada | Deployment | Intermediate

We are seeking a highly motivated individual with a strong background in software development. The ideal candidate will have transitioned from a development role into security and have experience in threat modelling, application penetration testing, and vulnerability management.


You Will Have The Opportunity To: 

– Lead the effort to identify potential security risks to the organization’s applications and systems through the creation and maintenance of threat models.

– Perform security assessments of the organization’s applications and systems to identify vulnerabilities, assess their impact, and provide recommendations for mitigation and/or remediation.

– Collaborate with development teams to perform vulnerability assessments, prioritize vulnerabilities based on risk, and help mitigate the risk through the development of security best practices and the implementation of secure coding practices.

– Evaluate third-party code and/or libraries against known vulnerabilities.

– Perform source code reviews to identify potential security risks and provide recommendations for remediation.

– Implement and manage security testing tools (SAST/DAST) to continuously monitor the security posture of the applications.

– Drive the integration of security into the CI/CD pipeline, ensuring seamless integration of security measures into the overall software development process.

– Act as technical contributor to all things related to application security.

– Be available on-call 24×7 to respond to security incidents and provide support to the incident response team.

What You Will Bring

– Bachelor’s degree in Computer Science or a related field.

– Strong development experience with both front-end and back-end technologies.

– Demonstrated ability to perform Web Application and API penetration testing.

– Experience securing container and microservices technologies (Kubernetes).

– Experience with cloud platforms such as Google Cloud Platform (GCP) and Amazon Web Services (AWS).

– Experience with the ELK (Elasticsearch, Logstash, and Kibana) stack.

– In-depth understanding of DevSecOps principles and practices.

– Familiarity with the OWASP Application Security Verification Standard (ASVS) and the ability to implement and adhere to its guidelines.

Apply Now

Is this posting closed? Report a Dead Link

We do our best to remove postings when they're taken down, but as a small team we sometimes miss a few. Thank you for helping us stay current.