Application Security Engineer Jobs in Toronto, Ontario, Canada
Application Security Engineer (SME) - DevSecOps, Pen Testing
About the role
Role Description

We are seeking an experienced Senior Application Security SME / DevSecOps Security Consultant to lead and mature application security practices across enterprise platforms and development teams. The ideal candidate will have deep expertise in modern application architectures, secure coding practices, and security testing methodologies, and the ability to partner effectively with development, engineering, DevOps, and risk teams to embed security throughout the software delivery lifecycle.

Primary Skills
- Application Security
- Secure SDLC (SSDLC)
- DevSecOps
- Threat Modeling
- Cloud Security (Azure, AWS, GCP)
- Security Architecture
- Vulnerability Management
- SAST / DAST / SCA
- OWASP Top 10
- API Security

Key Responsibilities

Application Security Strategy & Advisory
- Act as the Subject Matter Expert (SME) for application security across enterprise platforms and development teams.
- Define and enhance the organization's application security strategy, standards, and control frameworks.
- Provide expert guidance on secure design, secure coding, threat mitigation, and vulnerability management.
- Partner with engineering and architecture teams to embed security-by-design principles into applications and digital initiatives.

Secure SDLC / DevSecOps Enablement
- Drive implementation and maturity of the Secure Software Development Lifecycle (SSDLC).
- Integrate security controls and testing into CI/CD pipelines and DevSecOps workflows.
- Enable use of security tools and automation across build and release processes.
- Promote a shift-left security approach to detect and remediate issues early in the development lifecycle.

Architecture Reviews & Threat Modeling
- Perform application architecture and design reviews to identify security risks and recommend remediation strategies.
- Lead threat modeling sessions for web, mobile, API, and cloud-native applications.
- Review application components for vulnerabilities related to authentication, authorization, session management, input validation, data protection, and API security.
- Recommend secure reference architectures, reusable security patterns, and implementation guardrails.

Security Testing & Vulnerability Management
- Lead or support application security assessments, including:
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Software Composition Analysis (SCA)
  - API Security Testing
  - Manual Security Reviews and Penetration Testing Coordination
- Analyze, triage, and prioritize vulnerabilities based on risk and business impact.
- Work closely with development teams to track remediation and validate closure of security issues.
- Support secure management of open-source components and third-party libraries.

Cloud & Modern Application Security
- Provide security guidance for modern application environments, including:
  - Microservices and APIs
  - Containers and Kubernetes
  - Cloud-Native Applications
  - Serverless and Event-Driven Architectures
- Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP.

Compliance, Governance & Risk
- Ensure application security practices align with internal security policies and external standards and regulations.
- Support compliance requirements related to secure development and application security controls.
- Contribute to audit responses, control evidence collection, and security risk assessments.
- Develop security metrics, dashboards, and reporting to track application security posture and control effectiveness.

Required Qualifications
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field.
- 8+ years of experience in Application Security, Secure Software Engineering, Cybersecurity Architecture, or related roles.
- Proven experience implementing and managing application security programs in enterprise environments.
Strong Understanding Of
- Secure SDLC / SSDLC
- DevSecOps Principles
- OWASP Top 10
- API Security Top 10
- Common Software and Web Application Vulnerabilities
Hands-On Experience With Application Security Testing Tools
- SAST: Checkmarx, Fortify, Veracode, SonarQube
- DAST: Burp Suite, AppScan, Acunetix
- SCA: Snyk, Black Duck, Mend / WhiteSource
Additional Requirements
- Experience in Threat Modeling methodologies (e.g., STRIDE).
- Strong knowledge of Authentication, Authorization, Encryption, Secrets Management, and Secure Design Principles.
- Experience working with Cloud Platforms such as Azure, AWS, or GCP.
- Strong verbal and written communication skills with the ability to work across technical and non-technical stakeholders.

Preferred Qualifications

Experience in highly regulated industries such as:
- Banking, Financial Services, Insurance (BFSI)
- Healthcare
- Public Sector
Familiarity With
- NIST
- ISO 27001
- PCI-DSS
- SOC 2
- OSFI Guidelines (Canada)
CI/CD Platforms
- Azure DevOps
- Jenkins
- GitHub Actions
- GitLab
Additional Exposure
- Container Security
- Kubernetes Security
- Cloud Workload Protection
- Red Team / Blue Team Collaboration
- Application-Layer Attack Simulation
- Security Incident Response Readiness

Preferred Certifications
- CISSP
- CSSLP
- CISM
- CEH
- GWAPT
- OSCP
- Azure Security Certifications
- AWS Security Certifications
- GCP Security Certifications
About Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision!
Astra - North Infoteck Inc.
Agile - Systems - Technologies - Resources - Applications
Apply for Jobs@ https://careers.astra-north.com/jobs/
We are a global information technology services, management consulting and outsourcing company headquartered in Canada. Astra North helps clients navigate the ever-changing complex information technology landscape with its portfolio of IT consulting services, managed services and staffing and talent management solutions.
The core challenge facing many businesses in their IT functions is the increasing shortage of talent across the globe and its resulting impact on productivity. To overcome this challenge, Astra-North provides its clients with a single-source Integrated Recruitment Process Outsourcing (iRPO) service. Astra-North works as a specialist strategic partner for its clients by providing the best talent pool of IT professionals on a contract hire, permanent hire or managed services basis through its comprehensive and integrated recruitment, staff augmentation, workforce solutions, recruitment process outsourcing and managed services programs, which are customized for individual client needs. Astra-North Staffing Services include managing programs that comply with requirements focusing on careers, communications, legal and regulatory issues, technology and outsourcing, budgeting and metrics, IT staffing management best practices and global staffing management issues.
Our technical service extends across the entire software development lifecycle, from Consulting, Business Process Analysis, Requirement Mapping, Analysis, Design, Development and Testing to Implementation and Support. Astra-North Infoteck has expertise in building, maintaining and reengineering IT solutions to meet its clients' evolving needs. We help clients become agile to meet and exceed their goals.