Senior Application Security Consultant - CAD$100,000 - $170,000 + benefits
Toronto or Vancouver - Hybrid / Occasional day in office
An established and growing provider of application and cloud infrastructure security services is seeking a Senior Application Security Consultant to join their team.
We are looking for someone with prior software development experience who has since moved into cyber security and has experience with vulnerability and penetration testing.
This role is ideal for a driven professional who thrives in a collaborative, flexible, and innovation-focused environment. The organization serves medium-sized businesses across industries such as finance, healthcare, e-commerce, and technology.
The Senior Application Security Consultant will play a key role in service delivery, driving improvement, and contributing to the company's growth. The position involves working closely with internal and external teams to deliver high-quality application security solutions tailored to client needs.
Key Responsibilities
- Lead engagements from initiation to completion, collaborating with both internal and client teams.
- Perform application security services, including design reviews and penetration testing of web, mobile, or desktop applications using both automated and manual methods.
- Develop and deliver application security design documents and risk assessment reports.
- Design application security solutions that align with client requirements.
- Review security findings, recommend remediation steps, and assist clients with implementation.
- Work closely with client development teams, providing guidance on secure development practices.
- Act as a subject matter expert, offering mentorship, peer reviews, and expertise in application security.
- Support cloud infrastructure security initiatives and engagements in other domains as required.
- Identify opportunities for process improvement and automation, implementing recommendations where appropriate.
- Assist in technical sales for application security and related services.
- Provide regular updates to leadership on key metrics, achievements, and challenges.
- Maintain industry knowledge by attending relevant training and conferences.
Qualifications
- Considerable experience in a security engineering role, including vulnerability and penetration testing.
- Modern software development experience (API expertise is an asset).
- Strong understanding of secure software design principles and development methodologies.
- Proficiency in programming languages such as Java, JavaScript, Python, C#, or C/C++, and related frameworks.
- Expertise in identifying and addressing security vulnerabilities (e.g., OWASP Top 10, CWE Top 25).
- Experience with static and dynamic analysis tools and manual testing methods (black-box and white-box).
- Knowledge of authentication and authorization protocols (e.g., OAuth, OpenID Connect, SAML) and applied cryptography.
- Familiarity with cloud platforms and automated security tools.
- Contributions to the security community (e.g., research, presentations, open-source projects) are highly valued.
- Strong communication and executive-level presentation skills.
- A self-motivated, team-oriented individual with a passion for security and ethical hacking.