Senior Application Security Engineer

Toronto, Ontario, Canada - Permanent

Job Description

We are seeking a Senior Engineer focused on Application Security to join our Engineering team. The Senior Application Security Engineer works closely with development teams, engineering and product managers and third-party groups (including the paid bug bounty program and security auditors) to identify and remediate security vulnerabilities in our products and practices.

In this role, you are ideally someone who likes digging deep into infrastructure and code to find and fix the root cause of security vulnerabilities. You enjoy working with engineers of all disciplines and technology stacks both to achieve your goals and to educate others. You’ll be contributing to projects that are highly visible to our executive team.

What will you do:
- Work with our analytics, marketing and data science teams to understand our data processing needs.
- Be a key hands-on contributor to the design and implementation of our data platform solutions from the infrastructure layer up to the API.
- Model and architect our data in a way that will scale with the increasingly complex ways we’re analyzing it.
- Build robust pipelines that make sure data is where it needs to be, when it needs to be there.
- Build frameworks and tools to help our software engineers, data analysts, and data scientists design and build their own data pipelines in a self-service manner.
- Performance testing and engineering to ensure that our systems always scale to meet our needs.
- Be a key member of the team focused on pure hands-on contribution to the implementation and operation of our data platform.

Key Responsibilities:
- You run web application security audits and tests against our applications and infrastructure.
- You research and verify reported security vulnerabilities in our applications and infrastructure.
- You educate software developers on common vulnerabilities and measures they can take to prevent them in their applications.
- You deploy and maintain code scanning tools.
- You audit our application and infrastructure security settings.

Technology we use:
- IDEs, debuggers, open-source tools, Burp Suite.
- Python/Django.
- Amazon Web Services (AWS): Identity and Access Management (IAM), Virtual Private Cloud (VPC).
- Kubernetes, SumoLogic, Terraform.
- Confluence, Jira, Google GSuite.

Must Have Skills:

Your experience:
- Knowledge of security libraries, security controls, and common security flaws.
- Basic development and debugging skills in a modern web application language. Python is preferred.
- Ability to work in all areas of the tech stack, including infrastructure through the application layer to client libraries.
- Experience with OWASP Top 10 and the CVE program.
- Familiarity with cloud security controls and best practices.
- Experience with Amazon Web Services (AWS) is preferred but not required.
- Familiarity with setting up and using static and dynamic code analysis, container auditing tools, or other tools incorporated in the software development lifecycle.
- Experience with a security information and event management (SIEM) tool (e.g. SumoLogic).
- Experience with web application security testing tools (e.g. Burp Suite).

Nice to Have Skills:

- Certified Secure Software Lifecycle Professional (CSSLP).
- Certified Ethical Hacker (CEH).

Starting: ASAP
