Application Security SME
About the role
Role: Application Security SME
Location: Toronto, ON
Work Type: Hybrid, 3 days/week
Assignment Length: 12 Months
Years of Experience Required: 8+
The ideal candidate will have deep expertise in modern application architectures, secure coding practices, security testing methodologies, and the ability to partner effectively with development, engineering, DevOps, and risk teams to embed security throughout the software delivery lifecycle.
Key Responsibilities:
Application Security Strategy & Advisory
- Act as the Subject Matter Expert (SME) for application security across enterprise platforms and development teams
- Define and enhance the organization’s application security strategy, standards, and control frameworks
- Provide expert guidance on secure design, secure coding, threat mitigation, and vulnerability management
- Partner with engineering and architecture teams to embed security-by-design principles into applications and digital initiatives
Secure SDLC / DevSecOps Enablement
- Drive implementation and maturity of the Secure Software Development Lifecycle (SSDLC)
- Integrate security controls and testing into CI/CD pipelines and DevSecOps workflows
- Enable use of security tools and automation across build and release processes
- Promote a shift-left security approach to detect and remediate issues early in the development lifecycle
Architecture Reviews & Threat Modeling
- Perform application architecture and design reviews to identify security risks and recommend remediation strategies
- Lead threat modeling sessions for web, mobile, API, and cloud-native applications
- Review application components for vulnerabilities related to authentication, authorization, session management, input validation, data protection, and API security
- Recommend secure reference architectures, reusable security patterns, and implementation guardrails
Security Testing & Vulnerability Management
- Lead or support application security assessments, including:
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Software Composition Analysis (SCA)
  - API Security Testing
  - Manual security reviews and penetration testing coordination
- Analyze, triage, and prioritize vulnerabilities based on risk and business impact
- Work closely with development teams to track remediation and validate closure of security issues
- Support secure management of open-source components and third-party libraries
Cloud & Modern Application Security
- Provide security guidance for modern application environments, including:
  - Microservices and APIs
  - Containers and Kubernetes
  - Cloud-native applications
  - Serverless and event-driven architectures
- Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP
Compliance, Governance & Risk
- Ensure application security practices align with internal security policies and external standards/regulations
- Support compliance requirements related to secure development and application security controls
- Contribute to audit responses, control evidence collection, and security risk assessments
- Develop security metrics, dashboards, and reporting to track application security posture and control effectiveness
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field
- 8+ years of experience in application security, secure software engineering, cybersecurity architecture, or related roles
- Proven experience implementing and managing application security programs in enterprise environments
- Strong understanding of:
  - Secure SDLC / SSDLC
  - DevSecOps principles
  - OWASP Top 10
  - API Security Top 10
  - Common software and web application vulnerabilities
- Hands-on experience with application security testing tools such as:
  - SAST: Checkmarx, Fortify, Veracode, SonarQube
  - DAST: Burp Suite, AppScan, Acunetix
  - SCA: Snyk, Black Duck, Mend/WhiteSource
- Experience in threat modeling methodologies (e.g., STRIDE)
- Strong knowledge of authentication, authorization, encryption, secrets management, and secure design principles
- Experience working with cloud platforms such as Azure, AWS, or GCP
- Strong verbal and written communication skills, with the ability to work across technical and non-technical stakeholders
Preferred Qualifications:
- Experience in highly regulated industries such as Banking, Financial Services, Insurance (BFSI), healthcare, or public sector
- Familiarity with security requirements related to standards/frameworks such as:
  - NIST
  - ISO 27001
  - PCI-DSS
  - SOC 2
  - OSFI guidance (for Canada-based roles)
- Experience with CI/CD platforms such as Azure DevOps, Jenkins, GitHub Actions, or GitLab
- Exposure to container security, Kubernetes security, and cloud workload protection
- Familiarity with red team / blue team collaboration for application-layer attack simulation and response readiness
Preferred Certifications:
- CISSP
- CSSLP
- CISM
- CEH / GWAPT / OSCP (nice to have)
- Cloud Security certifications (Azure / AWS / GCP)
Key Skills & Competencies:
- Deep expertise in application security architecture and secure development practices
- Strong analytical and problem-solving capabilities
- Ability to influence and partner with engineering teams in a collaborative manner
- Excellent stakeholder management and communication skills
- Strong understanding of balancing security, agility, and business priorities
- Ability to work independently and lead strategic application security initiatives
About Scalable Systems
Scalable Systems is a Data, Analytics & Digital Transformation Company focused on vertical-specific innovative solutions.
By providing next-generation technology solutions and services, we help organizations identify risks and opportunities, achieve operational excellence, and gain an innovative edge.
We take a holistic approach to solve industry challenges by focusing both on technology and industry verticals. Our focus on technology innovation and collaboration with the world's leading technology companies helps us stay ahead of the curve. Our focus on verticals helps us to understand industry-specific challenges. Our value lies in our ability to link the best technology solution to complex business challenges in the most cost-effective and innovative way.
Headquartered in New Jersey, we are a Minority Certified company by the National Minority Supplier Development Council and the State of New Jersey, with operations in the USA, Europe and Asia.