Hiring an Application Security Engineering Specialist. Professionals suitable for the below opportunity may send their up-to-date resumes to

Requirement Summary

• Job Role/Title: Application Security Engineering Specialist
• Job Location: Toronto, Ontario, Canada.
• Job Duration: Initial contract of 6 months, with good possibilities of further extension.
• Work Style: Hybrid work setting - 3 days/week in the office required.

Position Overview and Deliverables: Seeking a Senior Application Security Engineering Specialist, who will be responsible for building security into all products end-to-end, and will be both hands-on technical and influential, and expected to directly communicate with cross-functional teams in Product, Development, and DevOps. Will also be responsible for analyzing the security of applications and services, discovering and addressing security issues, building automation, and decisively taking action to mitigate emerging threats throughout the Secure Software Development Lifecycle (SSDLC).

• Act as a subject matter expert for strategic initiatives, quarterly projects, and on-demand consultations.
• Collaborate with product and development teams to ensure the adoption of SSDLC best practices across the entire application lifecycle (SAST, SCA, DAST, WAF, ASPM, etc.).
• Write code to implement security policies and controls for well-known orchestration platforms (GitLab, Jenkins, etc.).
• Participate in vulnerability management operations, such as retesting and reprioritizing vulnerabilities, reviewing code changes, approving proposed remediations, etc.
• Perform white box testing on Canada Life's portfolio of products.
• Contribute technical and procedural documentation towards the organization's knowledge base.

Key Skillset for this Role

• Ability to think offensively like a hacker and defensively by evaluating applications and architecture.
• Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts.
• Read and write multiple programming languages like Java, C#, JavaScript, Apex, and Python are highly valued, but others will help too.
• Demonstrated knowledge of security best practices, principles, and common frameworks, such as OWASP, NIST, ISO, SOC, etc.
• Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, bug bounty, etc.
• Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.
• Relevant industry certifications, such as OSCP, OSWE, GPEN, GWAPT, etc.

How to Apply: Please email me your up-to-date Resume/CV at

We appreciate all the applicants for their interest in working with us, however, only those candidates shortlisted for the next steps in the hiring process will be contacted.

Brainhunter is committed to providing an inclusive and accessible recruitment process. If you require accommodation at any point during the recruitment process, please reach out directly to the job poster or email .

Thank you, and have a wonderful day :)