Senior Application Security Analyst

The Role: Senior Application Security Analyst

What you are looking for:

• A closely connected culture
• A total rewards package meant to enhance your work-life flexibility
• Fully utilizing your talent
• Professional growth and development via challenging projects and assignments
• Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network

Reporting to the Cybersecurity Manager, the Sr. Application Security Analyst is responsible for embedding security into the design, development, and delivery of applications across the software development lifecycle. The role works hands‑on with development and architecture teams to identify and reduce application security risk, while collaborating with Governance, Risk, and Compliance teams to ensure alignment with Rexall security standards and industry best practices.

What you’ll be doing:

• Support and continuously improve Rexall’s Secure Software Development Lifecycle (SDLC) by integrating security activities into design, development, testing, and deployment processes.
• Work hands‑on with software development teams to identify, assess, and remediate application security risks throughout the application lifecycle.
• Provide secure coding guidance, design recommendations, and practical remediation support to development teams.
• Partner with enterprise and software architects to review application designs and ensure appropriate application security controls are implemented.
• Contribute to the development and maintenance of application security reference patterns and reusable security design guidance for common deployment models, including web, mobile, cloud‑based applications, SaaS, and PaaS.
• Research and evaluate application security controls and solutions for cloud application hosting platforms and modern architectures.
• Lead and execute application security risk assessments for new and existing applications.
• Act as the primary security point of contact for teams developing or enhancing applications, providing ongoing security consultation.
• Participate in security reviews of new application implementations and significant changes, offering risk‑based recommendations rather than gatekeeping.
• Manage and operate application security testing tools, including static and dynamic scanning platforms.
• Analyze findings, validate results, prioritize remediation, and work with internal and external teams to resolve vulnerabilities identified through scans, testing, or other channels.
• Support the configuration and ongoing management of Web Application Firewall (WAF) controls related to application security.
• Provide application‑level expertise during security incidents, including investigation support, root cause analysis, and remediation guidance.
• Collaborate with Governance, Risk, and Compliance (GRC) teams to ensure application security practices align with corporate policies and regulatory obligations.
• Support internal and external audits by providing technical evidence, remediation plans, and application security documentation as required.
• Assist in closing audit findings related to application design, implementation, and security controls.
• Work collaboratively with IT, development, and operations teams to support secure and timely delivery of business initiatives.
• Perform additional duties as required to support the security objectives of Rexall Pharmacy Group Ltd.

Knowledge, skills and experience:

• Minimum of 5+ years of experience in IT, with a Bachelor’s degree in Computer Science or equivalent practical experience.
• Hands‑on software development experience in common programming environments i.e. .NET, Java, Python, and PHP.
• Experience supporting Secure SDLC / DevSecOps practices, including modern architectures such as microservices and cloud‑based solutions.
• Strong knowledge of application authentication, authorization, and encryption, including IAM, key management, OAuth, and SAML.
• Experience securing web and mobile applications throughout the development lifecycle.
• Experience conducting or coordinating application penetration testing.
• Hands‑on experience with static and dynamic application security testing tools (Checkmarx, Rapid7 etc.).
• Practical knowledge of secure coding practices and application security principles defined by OWASP, and familiarity with ISO 27001 and/or NIST frameworks.
• Experience supporting PCI DSS compliance, particularly as it relates to application and system architecture.
• Experience working with containerized environments, including Docker, Kubernetes, and Azure Kubernetes Service (AKS), is an asset.
• Experience implementing and managing Web Application Firewall (WAF) solutions such as Cloudflare and Imperva.
• Experience with application security best practices in cloud platforms such as M365, Azure, Google Cloud and AWS
• Familiarity with PIPDEDA/PHIPA privacy requirements and practical approaches to protecting sensitive information (PHI/PII/PCI).
• Experience supporting security audits (e.g., PCI DSS, ISO 27001) is considered an asset.
• Strong interpersonal and communication skills, with the ability to collaborate effectively across technical and non‑technical teams.
• Strong organization and time‑management skills in a fast‑paced environment

At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.

Are you #ALLin?

Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make available to any selected applicants’ accommodations and/or accessible formats should they require. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.

Our hiring process uses AI-enabled tools to assist with the assessment of applications based on job-related criteria. All decisions are made by the hiring team.