Brainhunter is currently seeking "Application Security Engineering Specialist" to work for our valued Financial Service Client. The position requires the successful consultant to be on-site 3 days a week in Toronto.

Any specific tools/skillset:

• • Ability to think offensively like a hacker and defensively by evaluating applications and architecture.
• • Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts.
• • Read and write multiple programming languages. Java, C#, JavaScript, Apex, and Python are highly valued, but others will help too.
• • Demonstrated knowledge of security best practices, principles, and common frameworks, such as: OWASP, NIST, ISO, SOC, etc.
• • Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, bug bounty, etc.
• • Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.
• • Relevant industry certifications, such as: OSCP, OSWE, GPEN, GWAPT, etc

Role profile description:

• Responsible for building security into all products end-to-end, and will be both hands-on technical and influential, and expected to directly communicate with cross_functional teams in Product, Development, and DevOps. Will also be responsible for analyzing the security of applications and services, discovering, and addressing security issues, building automation, and decisively taking action to mitigate emerging threats throughout the Secure Software Development Lifecycle (SSDLC).
• • Act as a subject matter expert for strategic initiatives, quarterly projects, and on-demand consultations.
• • Collaborate with product and development teams to ensure the adoption of SSDLC best practices across the entire application lifecycle (SAST, SCA, DAST, WAF, ASPM, etc.).
• • Write code to implement security policies and controls for well-known orchestration platforms (GitLab, Jenkins, etc.).
• • Participate in vulnerability management operations, such as: retesting and reprioritizing vulnerabilities, reviewing code changes, approving proposed remediation, etc.
• • Perform white box testing on Canada Life's portfolio of products.
• • Contribute technical and procedural documentation towards the organization's knowledge base.

How to Apply: Please email your resume to Reema Kaur at

We thank all applicants for their interest, however only those candidates selected for Interviews will be contacted.