Senior Application Security Specialist

Overview   Beem Credit Union:
Banking for every journey
Beem is redefining what it means to be a credit union. With 80 years of cooperative history and a bold vision for the future, we’ve united to create a financial partner that offers both digital ease and people-first service.
Our mission is clear:  financial wellness for all.  We help British Columbians achieve their goals through personalized advice, innovative technology, and genuine human connection.
As one of BC’s largest credit unions, we serve over  200,000 members  across  66 branches  with  $18 billion in assets under administration .
If you’re passionate about making a difference and want to join a team that values collaboration, innovation, and purpose, join us on the journey.
Learn more:

What this role is all about  The Senior Application Security Specialist will strengthen Beem's security posture across applications, APIs, and cloud-native platforms by driving secure design, advanced application security testing, and modern vulnerability management practices. This role requires deep expertise in secure coding practices, threat modeling, application security tooling, and cloud security principles to ensure Beem's digital products are built and operated with engineering-first, financial-grade rigor.

As a key partner to engineering, product, and platform teams, you will develop, coach, and embed secure-by-design principles throughout the SDLC for both in-house and externally developed solutions.
You will conduct hands-on security reviews and lead the integration of automated security controls across the organization. You will also play a critical role in maturing Beem Credit Union's containerization efforts and security posture - enhancing runtime observability and controls at various layers, developing production-ready application security automations in code, and implementing practical solutions across hybrid environments. You will provide guidance, training, and contributions to security governance frameworks, partnering with internal teams to drive measurable improvements in product and platform outcomes.
This role is open to hybrid working arrangements within British Columbia.

What you’ll do   Application Security & Secure-by-Design
Lead shift-left strategy by embedding security expectations, controls, and testing earlier in the SDLC-driving measurable reductions in defects and rework.
Define and maintain Beem’s secure-by-design standards for applications, APIs, and microservices, ensuring engineering teams consistently adopt secure coding and architecture patterns.
Establish a repeatable, scalable threat modeling practice and operationalize it across product and engineering teams to identify risks early and guide design decisions.
Partner with Enterprise architecture and product teams to shape application designs, ensuring security requirements, abuse cases, and mitigation strategies are built into both waterfall and agile delivery teams from the outset.
Provide security guidance on API security, authentication flows, authorization patterns, data handling, and privilege boundaries, influencing the long-term direction of digital product development.

Application Security Testing & Vulnerability Management
Own the operating model for application security testing—manual assessments, SAST, DAST, SCA, API testing, and code reviews—ensuring repeatable, scalable processes across teams.
Drive the vulnerability lifecycle from discovery to remediation, applying strong judgment to risk ranking, exception handling, and cross-team prioritization.
Coordinate internal and external penetration testing activities, ensuring findings translate into actionable, timely improvements.
Design and optimize CI/CD-integrated security scanning workflows to shorten detection time and improve developer experience.
Build automation that removes operational friction in security testing, monitoring, and control enforcement—improving scale and reducing manual dependencies.
Evaluate, select, and operationalize new security technologies, ensuring tools integrate cleanly with development workflows and provide measurable risk reduction.
Drive continuous improvement of the App…