Application Security Engineer; SME - DevSecOps, Pen Testing

Job in Toronto, Ontario, C6A, Canada
Listing for: Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision!
Full Time position
Listed on 2026-06-27
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Systems Engineer, IT Consultant
Salary/Wage Range or Industry Benchmark: 90000 - 120000 CAD Yearly
Position: Application Security Engineer (SME) - DevSecOps, Pen Testing

We are seeking an experienced Senior Application Security SME / DevSecOps Security Consultant to lead and mature application security practices across enterprise platforms and development teams. The ideal candidate will have deep expertise in modern application architectures, secure coding practices, security testing methodologies, and the ability to partner effectively with development, engineering, DevOps, and risk teams to embed security throughout the software delivery lifecycle.

Primary Skills
  • Application Security
  • Secure SDLC (SSDLC)
  • DevSecOps
  • Threat Modeling
  • Cloud Security (Azure, AWS, GCP)
  • Security Architecture
  • Vulnerability Management
  • SAST / DAST / SCA
  • OWASP Top 10
  • API Security
Key Responsibilities

Application Security Strategy & Advisory
  • Act as the Subject Matter Expert (SME) for application security across enterprise platforms and development teams.
  • Define and enhance the organization's application security strategy, standards, and control frameworks.
  • Provide expert guidance on secure design, secure coding, threat mitigation, and vulnerability management.
  • Partner with engineering and architecture teams to embed security‑by‑design principles into applications and digital initiatives.
Secure SDLC / DevSecOps Enablement
  • Drive implementation and maturity of the Secure Software Development Lifecycle (SSDLC).
  • Integrate security controls and testing into CI/CD pipelines and DevSecOps workflows.
  • Enable use of security tools and automation across build and release processes.
  • Promote a shift‑left security approach to detect and remediate issues early in the development lifecycle.
Architecture Reviews & Threat Modeling
  • Perform application architecture and design reviews to identify security risks and recommend remediation strategies.
  • Lead threat modeling sessions for web, mobile, API, and cloud‑native applications.
  • Review application components for vulnerabilities related to authentication, authorization, session management, input validation, data protection, and API security.
  • Recommend secure reference architectures, reusable security patterns, and implementation guardrails.
Security Testing & Vulnerability Management
  • Lead or support application security assessments, including:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Software Composition Analysis (SCA)
    • API Security Testing
    • Manual Security Reviews and Penetration Testing Coordination
  • Analyze, triage, and prioritize vulnerabilities based on risk and business impact.
  • Work closely with development teams to track remediation and validate closure of security issues.
  • Support secure management of open‑source components and third‑party libraries.
Cloud & Modern Application Security
  • Provide security guidance for modern application environments, including:
    • Microservices and APIs
    • Containers and Kubernetes
    • Cloud‑Native Applications
    • Serverless and Event‑Driven Architectures
  • Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP.
Compliance, Governance & Risk
  • Ensure application security practices align with internal security policies and external standards and regulations.
  • Support compliance requirements related to secure development and application security controls.
  • Contribute to audit responses, control evidence collection, and security risk assessments.
  • Develop security metrics, dashboards, and reporting to track application security posture and control effectiveness.
Required Qualifications
  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field.
  • 8+ years of experience in Application Security, Secure Software Engineering, Cybersecurity Architecture, or related roles.
  • Proven experience implementing and managing application security programs in enterprise environments.
Strong Understanding Of
  • Secure SDLC / SSDLC
  • DevSecOps Principles
  • OWASP Top 10
  • API Security Top 10
  • Common Software and Web Application Vulnerabilities
Hands‑On Experience With Application Security Testing Tools
SAST
  • Checkmarx
  • Fortify
  • Veracode
  • SonarQube
DAST
  • Burp Suite
  • AppScan
  • Acunetix
SCA
  • Snyk
  • Black Duck
  • Mend / WhiteSource
Additional Requirements
  • Experience in Threat Modeling methodologies (e.g., STRIDE).
  • Str…