Senior Application Security Engineer About ANVIL
ANVIL is a trusted partner in the defence industry, delivering cutting‑edge solutions that enhance military capabilities and operational effectiveness. We extend our expertise to public safety, law enforcement, and national security organizations, accelerating mission‑critical decision‑making through analytical tools, automations, and game‑changing machine learning capabilities. ANVIL helps organizations discover, manage, enrich, fuse, and exploit the information available to them in support of Information Dominance and Decision Advantage.
Job Type: Full Time Remote (Hybrid option available for those in the Ottawa area - 55 Murray Street Office)
Total Compensation: CAD $125,000 to $165,000 base salary - Placement within range based on experience and qualifications
As a Senior Application Security Engineer, you will be a cornerstone of ANVIL’s security posture — reporting directly to the Director of Security Engineering and playing a key role in building out our application security program from the ground up. You will embed security practices across the software development lifecycle and provide hands‑on expertise in threat modeling, penetration testing, and secure deployment architecture.
ANVIL’s products are primarily deployed in air‑gapped, classified environments — which means the security decisions you make have real operational weight and must hold up without the safety net of perimeter‑based cloud controls. You will work closely with engineering teams to ensure that security is not an afterthought but an intrinsic quality of everything we ship.
Working alongside the Director of Security Engineering, you will help shape App Sec strategy, conduct architecture reviews, perform application and infrastructure penetration testing, and drive the maturation of our secure development practices. You will also serve as a subject‑matter expert and trusted advisor for our customers in the defence and national security space — organizations where the consequences of a security failure are never abstract.
We value people who have an ingrained sense of accountability to the team around them. As an ideal candidate, you are not only technically qualified but demonstrate a strong work ethic and take pride in your craft. You collaborate and communicate effectively with the other talented and motivated members of our organization — translating complex security risks into clear, actionable guidance for both technical and non‑technical audiences.
We encourage our employees to expand their horizons by developing new skills, sharing bold ideas, and taking risks. As a senior engineer, you lead by example and provide mentorship to other employees in your field of expertise.
This is a full‑time position based in Ottawa with up to 25% travel primarily in the National Capital Region. Eligible candidates must either possess or be eligible to obtain a Government of Canada Secret or Top Secret security clearance.
Required QualificationsSecurity Clearance
Eligible for Government of Canada Secret or Top Secret security clearance
Education & Experience- Bachelor's degree in Software Engineering, Computer Science, Cybersecurity, or a related technical field, or 10+ years of professional software or security engineering experience
- Minimum of 7+ years of experience in application security, penetration testing, or security engineering roles
- A minimum of 3+ years of hands‑on experience with threat modeling methodologies (e.g., STRIDE, PASTA, LINDDUN, or Attack Trees)
- A minimum of 3+ years of experience embedding security into CI/CD pipelines and secure SDLC practices
- Demonstrated experience conducting application and infrastructure penetration tests and red team assessments in production or pre‑production environments
- Proven experience securing applications and infrastructure in air‑gapped, on‑premises, or classified deployment environments
- Experience with GCP or equivalent cloud platform for dev/staging environment security
- Expert knowledge of application security principles and secure development practices (OWASP Top 10, SANS CWE, NIST SSDF)
- Expert knowledge of threat…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: