Company :
Finning International Inc.
Number of Openings :
Worker Type :
Permanent
Position Overview :
The Application Security Engineer ensures secure software development by integrating security tools into CI / CD pipelines and promoting DevSecOps practices. The role involves advising development teams, managing vulnerabilities, and driving security automation. Key responsibilities include mentoring on secure coding, maintaining security documentation, delivering training, and reporting risks and compliance to leadership. Strong technical expertise in application security and excellent collaboration skills are essential.
What we can offer you :
Great people and place to work with a hybrid work opportunity
Career advancement and training opportunities
Pension and employee stock purchase plans with company contributions
Extensive health benefits including group medical and dental benefits and short-term and long-term disability benefits
For this position, the expected salary range is between $100000 and $120000 annually. This range reflects our commitment to providing competitive compensation that aligns with industry standards and your qualifications.
Please note that the actual salary offer will be based on a candidate's experience, qualifications, and fit for the role. We are dedicated to fostering an inclusive and equitable work environment, and this salary range is designed to support that commitment.
Job Description :
Major Job Roles :
Advisory and Guidance :
Drive the adoption and integration of application security tools and practices across development streams
Establish and maintain processes for identifying, triaging, and remediating vulnerabilities using automated security tooling
Ensure security tooling is effectively embedded within CI / CD workflows to support scalable and consistent security coverage
Advise on the integration and operationalization of application security tooling and practices, ensuring development teams are equipped to implement and maintain secure solutions
Support teams in developing structured processes for managing alerts and remediation
Evaluate and recommend improvements to existing security tooling and practices based on evolving needs and threat landscape
Collaboration & Mentorship :
Act as a liaison between security and development teams to translate security requirements into actionable work items
Enable development teams to adopt secure development practices through coaching, resources, and ongoing support
Provide mentorship and technical guidance & training on secure coding, threat modeling, and vulnerability management
Collaborate with each development group to establish coding standards, vulnerability and obsolescence management
Work with development leads to ensure scorecard compliance and continuous improvement
Promote DevSecOps principles by advising on security automation and fostering shared responsibility
Education and Stakeholder Engagement :
Create and maintain documentation for security processes, tools, and standards
Design and deliver targeted training and enablement programs tailored to development team needs and maturity levels
Promote awareness of emerging security threats and mitigation strategies
Engage stakeholders to align security initiatives with business goals
Liaison & Communication :
Monitor and report on the effectiveness of security controls and posture across public-facing applications
Communicate security risks, tool performance, and compliance status to leadership and stakeholders
Coordinate with cross-functional teams to ensure alignment on governance and ownership of security tools and processes
Define governance models for ownership, lifecycle management, and compliance of security tooling
Mandatory (Must-Have) Skills Required :
Strong knowledge of application security principles and secure SDLC.
Hands-on experience with security tools (e.g., GitHub Advanced Security, SonarCloud, SAST / SCA).
Familiarity with OWASP Top 10 and DevSecOps practices.
Proficiency with CI / CD pipelines and security automation.
Excellent communication and collaboration skills.
(Preferred certifications : CISSP, CEH, OSCP.)
Soft Skills :
Excellent communication and collaboration skills
Ability to translate technical security concepts into business-relevant language
Proven track record of working with cross-functional teams to drive security initiatives
At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and / or mental or physical Finning is committed to collaborating with and providing reasonable accommodations / adjustments to individuals with disabilities. If you require an adjustment / accommodation at any point during the recruitment process, please inform your recruiter.
Key Skills
Children Activity, EAM, Engineering Support, Maintenance Engineering, Accident Investigation, Branding
Employment Type : Full-Time
Experience : years
Vacancy : 1
Yearly Salary : 100000 - 120000
Application Engineer • Surrey, British Columbia, Canada