Talent.com
Astra North Infoteck Inc.
Application Security Engineer (SME) - DevSecOps, Pen TestingAstra North Infoteck Inc. • Toronto, ON, ca
Application Security Engineer (SME) - DevSecOps, Pen Testing

Application Security Engineer (SME) - DevSecOps, Pen Testing

Astra North Infoteck Inc. • Toronto, ON, ca
12 days ago
Job type
  • Full-time
Job description
Role Description

We are seeking an experienced Senior Application Security SME/ DevSecOps Security Consultant to lead and mature application security practices across enterprise platforms and development teams. The ideal candidate will have deep expertise in modern application architectures, secure coding practices, security testing methodologies, and the ability to partner effectively with development, engineering, DevOps, and risk teams to embed security throughout the software delivery lifecycle.

Primary Skills
  • Application Security
  • Secure SDLC (SSDLC)
  • DevSecOps
  • Threat Modeling
  • Cloud Security (Azure, AWS, GCP)
  • Security Architecture
  • Vulnerability Management
  • SAST / DAST / SCA
  • OWASP Top 10
  • API Security
Key Responsibilities

Application Security Strategy & Advisory

  • Act as the Subject Matter Expert (SME) for application security across enterprise platforms and development teams.
  • Define and enhance the organization's application security strategy, standards, and control frameworks.
  • Provide expert guidance on secure design, secure coding, threat mitigation, and vulnerability management.
  • Partner with engineering and architecture teams to embed security-by-design principles into applications and digital initiatives.

Secure SDLC / DevSecOps Enablement

  • Drive implementation and maturity of the Secure Software Development Lifecycle (SSDLC).
  • Integrate security controls and testing into CI/CD pipelines and DevSecOps workflows.
  • Enable use of security tools and automation across build and release processes.
  • Promote a shift-left security approach to detect and remediate issues early in the development lifecycle.

Architecture Reviews & Threat Modeling

  • Perform application architecture and design reviews to identify security risks and recommend remediation strategies.
  • Lead threat modeling sessions for web, mobile, API, and cloud-native applications.
  • Review application components for vulnerabilities related to authentication, authorization, session management, input validation, data protection, and API security.
  • Recommend secure reference architectures, reusable security patterns, and implementation guardrails.

Security Testing & Vulnerability Management

  • Lead or support application security assessments, including:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Software Composition Analysis (SCA)
    • API Security Testing
    • Manual Security Reviews and Penetration Testing Coordination
  • Analyze, triage, and prioritize vulnerabilities based on risk and business impact.
  • Work closely with development teams to track remediation and validate closure of security issues.
  • Support secure management of open-source components and third-party libraries.

Cloud & Modern Application Security

  • Provide security guidance for modern application environments, including:
    • Microservices and APIs
    • Containers and Kubernetes
    • Cloud-Native Applications
    • Serverless and Event-Driven Architectures
  • Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP.

Compliance, Governance & Risk

  • Ensure application security practices align with internal security policies and external standards and regulations.
  • Support compliance requirements related to secure development and application security controls.
  • Contribute to audit responses, control evidence collection, and security risk assessments.
  • Develop security metrics, dashboards, and reporting to track application security posture and control effectiveness.
Required Qualifications
  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field.
  • 8+ years of experience in Application Security, Secure Software Engineering, Cybersecurity Architecture, or related roles.
  • Proven experience implementing and managing application security programs in enterprise environments.

Strong Understanding Of

  • Secure SDLC / SSDLC
  • DevSecOps Principles
  • OWASP Top 10
  • API Security Top 10
  • Common Software and Web Application Vulnerabilities

Hands-On Experience With Application Security Testing Tools

SAST

  • Checkmarx
  • Fortify
  • Veracode
  • SonarQube

DAST

  • Burp Suite
  • AppScan
  • Acunetix

SCA

  • Snyk
  • Black Duck
  • Mend / WhiteSource

Additional Requirements

  • Experience in Threat Modeling methodologies (e.g., STRIDE).
  • Strong knowledge of Authentication, Authorization, Encryption, Secrets Management, and Secure Design Principles.
  • Experience working with Cloud Platforms such as Azure, AWS, or GCP.
  • Strong verbal and written communication skills with the ability to work across technical and non-technical stakeholders.
Preferred Qualifications
  • Experience in highly regulated industries such as:
    • Banking
    • Financial Services
    • Insurance (BFSI)
    • Healthcare
    • Public Sector

Familiarity With

  • NIST
  • ISO 27001
  • PCI-DSS
  • SOC 2
  • OSFI Guidelines (Canada)

CI/CD Platforms

  • Azure DevOps
  • Jenkins
  • GitHub Actions
  • GitLab

Additional Exposure

  • Container Security
  • Kubernetes Security
  • Cloud Workload Protection
  • Red Team / Blue Team Collaboration
  • Application-Layer Attack Simulation
  • Security Incident Response Readiness
Preferred Certifications
  • CISSP
  • CSSLP
  • CISM
  • CEH
  • GWAPT
  • OSCP
  • Azure Security Certifications
  • AWS Security Certifications
  • GCP Security Certifications


Create a job alert for this search

Application Security Engineer (SME) - DevSecOps, Pen Testing • Toronto, ON, ca

Similar jobs

Application Security Engineer/Developer

Stryker CorporationToronto, ON, CA
Full-time

Our Marsh Information Security team is seeking candidates for the following position based in Toronto, ON and will be onsite three days a week.Application Security Engineer/Developer.Serve as a sec... Show more

 • Promoted

Movable Ink Product Security Engineering Role

Movable InkToronto, ON, CA
Full-time

Join Movable Ink as a Product Security Engineer, focusing on securing codebases and fostering safe development practices.Your expertise will directly impact our software delivery and security strat... Show more

 • Promoted

Security Detection Engineer — SIEM/EDR, Cloud, Automation (Equity)

RobinhoodToronto, ON, CA
Full-time

A leading financial technology company in Toronto, Ontario, is seeking a Security Operations team member.The role involves investigating security alerts, developing detection rules, and collaborati... Show more

 • Promoted

Remote Security & DevOps Engineer for SaaS/IoT Cloud

KeycafeToronto, ON, CA
Remote
Full-time

A leading technology firm in Canada is seeking a passionate Security & DevOps Engineer to enhance its cloud environments and ensure high security across its global IoT platform.You'll manage applic... Show more

 • Promoted

Application Security Software Engineer - C$92,900 - C$100,000 A Year

PointClickCareToronto, Canada
Full-time

Application Security Software Engineer needed to safeguard applications and platforms, triage vulnerabilities, and build security libraries.Requires experience with SAST, DAST, and SCA tools. Show more

 • Promoted

Application Security Engineer/Developer

MarshToronto, Canada
Full-time

Our Marsh Information Security team is seeking candidates for the following position based in Toronto, ON and will be onsite three days a week.Application Security Engineer/Developer We will count ... Show more

 • Promoted • New!

Application Security Engineer/Developer

National Asset Mgmt IncorporatedToronto, ON, CA
Full-time

Our Marsh Information Security team is seeking candidates for the following position based in Toronto, ON and will be onsite three days a week.Application Security Engineer/Developer.Serve as a sec... Show more

 • Promoted

Senior Application Security Engineer

CognizantToronto, ON, CA
Full-time

Job Title - App Security Specialist.DevOps, with at least 2 - 3 years hands-on security exposure (secure coding, pipeline security, API security, threat modeling).Seniority level: Mid-Senior level.... Show more

 • Promoted

Cloud Security Engineer – DevSecOps & AWS Expertise

AquanowToronto, ON, CA
Full-time

A leading infrastructure provider is seeking a Cloud Security Engineer to join the technology team in Toronto.The role involves performing security assessments, managing security tools in CI/CD pip... Show more

 • Promoted

Remote SaaS Security Engineer: Protect Cloud Apps

Linxus GroupToronto, ON, CA
Remote
Full-time

A leading SaaS company in Toronto is seeking an experienced Security Engineer to join their remote team.The role focuses on designing and maintaining security measures for cloud applications and re... Show more

 • Promoted

Senior Application Security Engineer

HelloFreshToronto, ON, CA
Full-time

We're looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges.Security Engineers work in a va... Show more

 • Promoted

Staff Security Engineer, Application Security

HomebaseToronto, ON, CA
Full-time

These are the key ways you’ll contribute and create impact in this role:.Security Strategy & Architecture.Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security... Show more

 • Promoted

Senior DevSecOps Security Engineer

Compunnel, Inc.Toronto
Full-time

A tech company in Toronto, Canada is looking for an experienced Security Engineer to enhance application and cloud security.The role requires strong development skills and expertise in modern appli... Show more

 • Promoted

Cloud Security Engineer: DevSecOps & Secure SDLC Expert

ScotiabankToronto, ON, CA
Full-time

A leading banking institution in Toronto seeks a Cloud Security Engineer to enhance cloud security processes.The role involves developing and maintaining tools within Google and Azure environments,... Show more

 • Promoted

Palo Alto Security SME - Implementation

Tech Talent InternationalToronto, ON, CA
Full-time

About the job Palo Alto Security SME - Implementation.Fortune 100/500/1000 and other companies in Canada/US.We are currently hiring for a Palo Alto Security SME - Implementation for our IT infrastr... Show more

 • Promoted

IT Application Security Manager

Randstad DigitalToronto, ON, CA
Full-time

Candidates MUST be located in Toronto, ON / GTA --- This is a HYBRID Role --- 3 days a week work from office.Seniority Level - 10+ Years (Senior).People Management Experience is a MUST.App Sec tech... Show more

 • Promoted

Application Security Software Engineer

PointClickCareToronto
Full-time

This range is provided by PointClickCare.Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.PointClickCare is a leading North American healthcare t... Show more

 • Promoted

Senior Security Engineer

EQ Bank | Equitable BankToronto, ON, CA
Full-time

Senior Security Engineer with a strong Cloud Security background.The candidate will have an in-depth Zero Trust and SASE security model understanding.Responsibilities include Cloud Logs Acquisition... Show more

 • Promoted

Senior Security Engineer Enhancing Product Integrity and Safety

AffirmToronto, ON, CA
Full-time

Become a pivotal force in product security as a Senior Product Security Engineer.Engage in cross-functional collaboration to improve the security of innovative financial products in a remote role.T... Show more

 • Promoted

Senior Security Engineer Focused on Detection and Response Frameworks

1PasswordToronto, ON, CA
Full-time

Join as a Senior Security Engineer to strengthen detection and incident response frameworks.Lead initiatives that optimize security measures and enhance organizational resilience in a remote enviro... Show more