Principal Application Security Specialist
Top Benefits
About the role
Who we are: For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations. Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it. We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers. Your role: The Principal Application Security Specialist is the most senior individual contributor across Global Relay's Software & Application Security function. Combining deep application security testing mastery with DevSecOps leadership, you set the technical direction for how Global Relay tests the security of its applications and for how security is engineered into the software development lifecycle. You lead the most complex and novel assessments, define testing methodology and standards, and drive the integration of automated security controls into CI/CD pipelines. You act as the organization’s authority on application, mobile and AI/LLM security, and partner with engineering, platform and product leadership so that security is built in and aligned with business objectives. Your responsibilities: Testing & methodology leadership Collaborate with the Team Lead, Application & Software Security to develop and own the application security testing methodology and standards across web, API, mobile and AI/LLM domains. Lead the most complex, novel and high-risk security assessments, including original research and the development of new testing techniques and tooling. Own the organization-wide triage, escalation and evidence-quality framework across all security testing and scanning functions and define how L1–L3 teams are trained and measured against it. Support the direction for the penetration testing and offensive security program. Own the most advanced threat modelling for critical and cross-cutting architecture. Serve as the organization's authority and final technical escalation point for application security. DevSecOps & secure SDLC Drive the integration of security into the SDLC and CI/CD pipelines, championing a proactive, risk-based, “shift-left” approach. Develop the organization-wide standards for remediation verification, retest evidence and release closure, ensuring security gating is consistently and appropriately applied across all release pipelines. Design and deploy an automated security framework for robust tooling and processes, using scripting and open-source solutions. Collaborate with Engineering for the selection, deployment and management of security scanning tools (SAST, DAST, SCA, container) within CI/CD pipelines, integrating them via APIs and plugins using agile delivery methods. Serve as the liaison for DevSecOps standards and provide input into new standards and policies. Review and analyze vulnerability data to identify risk across applications, infrastructure and network, and manage false positives. Set the organization's standards for root-cause analysis and remediation guidance on the most complex or systemic security defects and define how remediation quality is assessed across teams. Influence, measurement & people Define how testing coverage, quality and effectiveness are measured and drive continuous improvement. Partner with engineering, product and architecture teams to influence secure design at scale and prioritize security investment. Lead security sessions for engineering teams covering risks, report analysis, mitigations and process improvements. Mentor and develop specialists, create documentation and training material, and raise the technical bar across the function. Represent application security in cross-functional and, where appropriate, external forums. About you: 8+ years experience across application/product security testing and DevSecOps, with expert knowledge of software security. Experience with security frameworks (OWASP, MITRE, NIST), testing tools (SAST/DAST/SCA), scripting (Python, Java, Bash, PowerShell), and DevOps/CI-CD tooling (Git, Jenkins, Docker/Kubernetes) Solid understanding of secure development and coding practices Comfortable working cross-functionally with Security, Dev, and Engineering teams Strong communicator, able to translate technical concepts for any audience Self-directed, detail-oriented, and a sharp problem-solver Compensation: Global Relay advertises the pay range for this role in compliance with British Columbia’s pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background. The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program. For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team! British Columbia - Base salary range $125,000—$160,000 CAD What you can expect: At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills. Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion. We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual. To learn more about our business, culture, and community involvement, visit www.globalrelay.com.
Not the right fit? Search for Application Security Specialist jobs in Vancouver, British Columbia, Canada
About Global Relay
Global Relay is the leading provider of fully compliant, cloud electronic communications archiving, messaging, supervision, and eDiscovery solutions for the global financial sector and other highly regulated industries.
Founded in 1999, Global Relay delivers services to over 20,000 customers in 90 countries, including 22 of the top 25 banks. From the Global Relay App for compliant communications, through to intelligent archiving, superior data connectors, and proactive surveillance, Global Relay’s integrated compliance solutions enable regulated organizations to meet collaboration, privacy, and security requirements.
Similar Jobs
Principal Application Security Specialist
Top Benefits
About the role
Who we are: For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations. Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it. We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers. Your role: The Principal Application Security Specialist is the most senior individual contributor across Global Relay's Software & Application Security function. Combining deep application security testing mastery with DevSecOps leadership, you set the technical direction for how Global Relay tests the security of its applications and for how security is engineered into the software development lifecycle. You lead the most complex and novel assessments, define testing methodology and standards, and drive the integration of automated security controls into CI/CD pipelines. You act as the organization’s authority on application, mobile and AI/LLM security, and partner with engineering, platform and product leadership so that security is built in and aligned with business objectives. Your responsibilities: Testing & methodology leadership Collaborate with the Team Lead, Application & Software Security to develop and own the application security testing methodology and standards across web, API, mobile and AI/LLM domains. Lead the most complex, novel and high-risk security assessments, including original research and the development of new testing techniques and tooling. Own the organization-wide triage, escalation and evidence-quality framework across all security testing and scanning functions and define how L1–L3 teams are trained and measured against it. Support the direction for the penetration testing and offensive security program. Own the most advanced threat modelling for critical and cross-cutting architecture. Serve as the organization's authority and final technical escalation point for application security. DevSecOps & secure SDLC Drive the integration of security into the SDLC and CI/CD pipelines, championing a proactive, risk-based, “shift-left” approach. Develop the organization-wide standards for remediation verification, retest evidence and release closure, ensuring security gating is consistently and appropriately applied across all release pipelines. Design and deploy an automated security framework for robust tooling and processes, using scripting and open-source solutions. Collaborate with Engineering for the selection, deployment and management of security scanning tools (SAST, DAST, SCA, container) within CI/CD pipelines, integrating them via APIs and plugins using agile delivery methods. Serve as the liaison for DevSecOps standards and provide input into new standards and policies. Review and analyze vulnerability data to identify risk across applications, infrastructure and network, and manage false positives. Set the organization's standards for root-cause analysis and remediation guidance on the most complex or systemic security defects and define how remediation quality is assessed across teams. Influence, measurement & people Define how testing coverage, quality and effectiveness are measured and drive continuous improvement. Partner with engineering, product and architecture teams to influence secure design at scale and prioritize security investment. Lead security sessions for engineering teams covering risks, report analysis, mitigations and process improvements. Mentor and develop specialists, create documentation and training material, and raise the technical bar across the function. Represent application security in cross-functional and, where appropriate, external forums. About you: 8+ years experience across application/product security testing and DevSecOps, with expert knowledge of software security. Experience with security frameworks (OWASP, MITRE, NIST), testing tools (SAST/DAST/SCA), scripting (Python, Java, Bash, PowerShell), and DevOps/CI-CD tooling (Git, Jenkins, Docker/Kubernetes) Solid understanding of secure development and coding practices Comfortable working cross-functionally with Security, Dev, and Engineering teams Strong communicator, able to translate technical concepts for any audience Self-directed, detail-oriented, and a sharp problem-solver Compensation: Global Relay advertises the pay range for this role in compliance with British Columbia’s pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background. The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program. For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team! British Columbia - Base salary range $125,000—$160,000 CAD What you can expect: At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills. Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion. We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual. To learn more about our business, culture, and community involvement, visit www.globalrelay.com.
Not the right fit? Search for Application Security Specialist jobs in Vancouver, British Columbia, Canada
About Global Relay
Global Relay is the leading provider of fully compliant, cloud electronic communications archiving, messaging, supervision, and eDiscovery solutions for the global financial sector and other highly regulated industries.
Founded in 1999, Global Relay delivers services to over 20,000 customers in 90 countries, including 22 of the top 25 banks. From the Global Relay App for compliant communications, through to intelligent archiving, superior data connectors, and proactive surveillance, Global Relay’s integrated compliance solutions enable regulated organizations to meet collaboration, privacy, and security requirements.