Senior Application Security Engineer
Stellar Recruitment Inc.
Join a leading investment organization that is driving digital innovation and modernizing the technology capabilities that support critical business operations. As a Senior IT Security Engineer, you will play a pivotal role in shaping and strengthening the organization's application security and DevSecOps practices. Working within a collaborative Agile environment, you will partner with development, operations, and product teams to design, implement, and continuously improve security solutions across complex enterprise systems and cloud environments. This is an opportunity to influence security strategy, mentor technical teams, and help build secure, scalable solutions that support long-term business objectives. If this sounds like you, please apply directly or send your resume to ***email_hidden***.
Responsibilities
- Lead the evaluation, implementation, and optimization of application security tools including SAST, DAST, IAST, and SCA solutions, ensuring effective integration within enterprise CI/CD pipelines.
- Conduct application security assessments, threat modeling exercises, architecture reviews, and security risk evaluations for internally developed applications, SaaS platforms, and third-party solutions.
- Partner with development, DevSecOps, operations, and product teams to establish secure coding standards, define security requirements, and embed security throughout the software development lifecycle.
- Drive vulnerability management activities by identifying, prioritizing, validating, and supporting remediation efforts while continuously improving the organization's security posture.
- Develop and maintain security automation, monitoring capabilities, and technical documentation to support continuous assurance, incident response, and regulatory compliance requirements.
- Provide technical leadership and mentorship to team members, champion a security-first culture, and stay ahead of emerging threats, including evolving AI/ML and application security risks.
Qualifications
- Bachelor's degree in Computer Science, Engineering, Information Technology, or a related discipline, with 8-10+ years of progressive experience in information security and security engineering roles.
- Strong hands-on expertise in application security, secure software development practices, threat modeling, ethical hacking, penetration testing, and vulnerability management.
- Proven experience implementing and operationalizing application security testing tools (SAST, DAST, IAST, SCA) within modern CI/CD and DevSecOps environments.
- Deep knowledge of cloud security principles, particularly within Microsoft Azure environments, as well as secure API design, OAuth 2.0, OpenID Connect, authentication, authorization, and encryption technologies.
- Strong programming and scripting capabilities, with experience in one or more languages such as Python, JavaScript/TypeScript, Java, C#, or Go.
- Excellent communication, stakeholder management, and problem-solving skills, with the ability to translate complex security concepts into practical guidance for technical and non-technical audiences. Security certifications such as GWAPT, GWEB, CSSLP, CEH, OSWE, or equivalent experience are considered an asset.
Pay: $90-110 per hour
Hybrid in Vancouver or Victoria.
Please note that the posted pay range for this role may vary based on seniority, qualifications, or prior experience. We are always looking for talented people to join our network, and if your desired compensation isn't reflected in this posting, please send your application for review regarding related opportunities.