Full-Time Position - Toronto
Hiring a full-time Application Security Engineer in Toronto, ON! This role will act as both a builder and a breaker by creating tools to help our client's engineers write more secure code and performing penetration tests for public and internal applications.
Perks You'll Love
- Join a cutting edge, go big or go home team with transparent culture
- Annual performance and team party
- Compensation plan includes Apple Macbook Pro/Air & Smartphone
What You'll Be Doing
- Create defenses for large scale production infrastructure, spanning multiple clouds and impacting millions of customer's daily lives.
- Acting as both a builder and a breaker by creating tools to help our client's engineers write more secure code and performing penetration tests for public and internal applications.
- Conduct manual and automated application security testing and source code auditing for a variety of technologies
- Providing subject matter expertise in architecture, authentication, and systems security. Understanding our full engineering stack, services, and data flow, and owning their security controls.
- Working in a fast pace environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.
- Performing source-code reviews, code check-ins/audits.
- Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident responses.
- Consulting with engineers on planned/current platform and code changes to ensure security is given due consideration during architectural planning and implementation.
- Assist engineering teams in developing additional security tests
- Develop tools to support application security review process
- Stay on top of the latest security research including best practices, threats, trends and vulnerabilities
What You're Bringing
- 3+ years in application security role
- 5+ years in engineer role
- Bachelor of computer science, computer engineering or equivalent
- You have vulnerability and penetration testing experience
- Reverse engineering abilities
- Strong written and verbal communication skills. Ability to mentor other.
- Firm grasp of networking protocols and operations.
- Comfortable with low-level packet sniffing, working knowledge of Kali, Wireshark, Burpsuite, Metasploit, nmap, fiddler, sqlmap, nessus.
- Knowledge of network attacks, detections, and defenses.
- Must have experience in programming languages and security frameworks such as Python, Ruby, Node.js, Java, Golang, Bash, Spring Security, and Shiro.
- Knowledge of AWS and Cloud Data Security such as EC2, ECS, VPC, VPN, IAM, KMS, Security Groups/Subnets, etc. is required.
- Must have knowledge of theoretical and applied cryptography, key management, and a strong understanding of cryptography algorithms such as RSA, AES, SSL vs TLS, PKI, etc.
- Working knowledge with Vault or KMS is considered an asset.
- Thorough understanding of authentication, authorization, and directory services such as SSO, OAuth, or OpenId.
- Experience in conducting application security reviews for a complex set of technologies
- Experience triaging and validating security vulnerabilities
We Are An Equal Opportunity Employer
All qualified applicants will receive equal consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Canadian Work Authorization
All applicants MUST be authorized to work in Canada. Any applicants not meeting this criteria will not be notified and will not be considered eligible for the position.
Apply for this Job