App Security Specialist

Job Title - App Security Specialist

Location - Hybrid
- Toronto.

6-9 years total experience in software development and Dev Ops, with at least 2 - 3 years hands‑on security exposure (secure coding, pipeline security, API security, threat modeling).

• Dev Sec Ops  - 7-9 years
• Gen AI Security - 10+

• Secure API development
• Design and develop RESTful APIs and integrations with strong authentication, authorization, and data protection measures.
• Work with Postgre
  
  SQL and other RDBMS to query, optimize, and secure data structures against injection attacks, data leakage, and unauthorized access.
• Contribute to system architecture with Security by Design, including threat modeling and secure design reviews at the planning stage.
• Write scripts to automate security scans, compliance checks, and reduce manual effort in security monitoring and deployment workflows.
• Proficiency in Python, JavaScript, Java, or Go with a focus on secure coding standards (e.g., OWASP Top 10 mitigation).
• Implement CI/CD pipelines with integrated SAST, DAST, dependency scanning, and secrets management for secure deployments.
• Deep application of secure coding frameworks, vulnerability prevention, and industry best practices (OWASP, SANS).
• Strong problem‑solving and debugging skills for both functional and security‑related issues in dev, test, and prod environments.
• Collaborate closely with developers, operations, and security teams to embed a culture of security across all cross‑functional work.

• Secure coding (OWASP Top 10, SANS CWE)
• API security (OAuth2, JWT, input validation)
• CI/CD security integration (SAST, DAST, dependency scanning)
• Programming in Python, JavaScript, Java, or Go
• Postgre
  
  SQL database security
• Threat modeling & secure architecture reviews
• Security automation scripting

• Cloud security (AWS/GCP/Azure)
• Container security (Docker/K8s, image scanning)
• IaC security (Terraform, Ansible)
• Security compliance (SOC 2, ISO 27001)