More jobs:
Senior Application Security Analyst Details
Job in
Mississauga, Ontario, C4W, Canada
Listed on 2026-07-13
Listing for:
Purolator
Full Time
position Listed on 2026-07-13
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
Job Description & How to Apply Below
It’s not a package. It’s a promise®.
As Canada’s leading integrated freight, package, and logistics provider, we’ve been helping promises get where they need to be for more than 60 years. How does the magic happen? The journey starts with you . The places we go, the elements we brave, the promises we deliver - it’s all possible because of our people. So, whether you’re looking to build new skills, make an impact in your community, or inspire your team, we go there for you.
Description
Purolator is one of Canada’s leading integrated freight, package, and logistics solutions providers, delivering dependable service to customers across the country. Security is a core enabler of Purolator’s digital and operational strategy. The Information Security Office partners closely with technology and business teams to protect Purolator’s systems, data, and customers while enabling innovation and secure delivery at scale.
The Senior Application Security Analyst is responsible for embedding security into the software development lifecycle (SDLC) by partnering closely with application and engineering teams. This role focuses on identifying, assessing, and reducing application and API security risk through threat modeling, secure design reviews, vulnerability management, and the operationalization of application security controls.
The successful candidate will act as a subject matter expert for application security, providing hands‑on guidance to development teams while helping mature secure development practices across the enterprise.
Responsibilities
Application & API Security
Perform application and API security assessments, including design reviews, threat modeling, and architecture reviews, in alignment with enterprise application security standards
Identify security risks across custom‑built, SaaS, and third‑party applications and work with application owners to define practical remediation plans
Review authentication, authorization, data handling, and integration patterns to ensure secure‑by-design implementations
Secure SDLC & Dev Sec Ops
Embed security requirements and controls early in the SDLC (“shift left”) by working directly with development and delivery teams
Support the integration and tuning of Static Application Security Testing (SAST), Software Composition Analysis (SCA), secret scanning, Dynamic Application Security Testing (DAST) and other application security tooling within CI/CD pipelines
Provide secure coding guidance and recommendations based on OWASP Top 10 and industry best practices
Develop and maintain clear, reusable documentation and standardized frameworks to enable consistent adoption of application security practices across teams
Vulnerability & Risk Management
Triage and assess application security findings from automated tools, penetration tests, and manual reviews
Partner with application teams to prioritize remediation based on risk, exploitability, and business impact
Advisory & Stakeholder Engagement
Act as a trusted security advisor to application owners, architects, and developers
Contribute to the development and maintenance of application security standards, patterns, and guidance documentation
Support third‑party assessments and security reviews for externally developed or hosted applications
Continuous Improvement
Identify opportunities to improve application security processes, tooling, and governance
Stay current with emerging application security threats, vulnerabilities, and defensive techniques
Required Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
5+ years of progressive experience in application security, secure software development, or product security
Strong understanding of web and API technologies (HTTP/S, REST, JSON, OAuth, OpenID Connect, SAML)
Hands‑on experience with application security testing tools (SAST, SCA, DAST, secret scanning)
Solid knowledge of OWASP Top 10, threat modeling methodologies, and secure coding principles
Strong analytical, problem‑solving, and communication skills, with the ability to explain security risks to both technical and non‑technical audiences
Exceptional…
Position Requirements
10+ Years
work experience
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×