Sr Application Security Engineer – Digital Nova Scotia – Leading Digital Industry

The Sr Application Security Engineer will play a pivotal role in driving the secure design, development, and deployment of our software applications. You will be responsible for identifying, analyzing, and mitigating security risks across our application portfolio. You will collaborate closely with cross-functional teams and contribute to the overall success of our security program. The ideal candidate has deep domain knowledge across modern security frameworks, tools, and best practices, and experience interfacing with enterprise-level customers. Open to remote; must be US-based.

What You’ll Do

  • Design, implement, and maintain secure CI/CD pipelines, ensuring code is automatically scanned and validated for security vulnerabilities.
  • Conduct continuous security testing, including static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and interactive application security testing (IAST).
  • Implement and maintain security controls in cloud-native applications covering containers, cloud configurations, and APIs.
  • Develop and maintain automation scripts for security tasks, such as vulnerability scanning, reporting and dashboarding.
  • Ensure that the organization’s infrastructure and applications comply with relevant security standards and regulations.
  • Manage third-party security assessments and penetration testing engagements, ensuring timely remediation of identified issues.
  • Provide guidance on secure coding practices, architecture design, and threat modeling to development teams.
  • Drive the adoption of secure coding tools and technologies to automate and streamline security testing processes.
  • Contribute to the development and execution of security awareness and training programs.
  • Collaborate with Engineering, DevOps, and product teams to embed security into the software development lifecycle.

What You’ll Bring

  • 5+ years of progressive experience in Enterprise Software Application Security.
  • Bachelor’s degree in Computer Science, Information Security, or related field.
  • Strong knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten).
  • Experience with application security testing tools (SAST, DAST, SCA) and vulnerability assessment methodologies.
  • Ability to communicate effectively with technical and non-technical stakeholders, including executives.
  • Strong analytical and problem-solving skills, with the ability to drive solutions to complex security challenges.
  • Experience with cloud security best practices (preferably AWS).
  • Strong understanding of supply chain attacks and how to successfully mitigate them.
  • Data-driven mindset with strong attention to detail.
  • Ability to thrive in an ambiguous and fast-paced environment.
  • Intellectual curiosity and willingness to take ownership of deliverables.
  • Enjoy orchestrating people and managing complicated cross-functional challenges.

Nice To Have

  • Master’s degree in Computer Science, Information Security, or related field.
  • Professional certifications such as CISSP, CSSLP, CISM, or equivalent.