Application Security Engineer

  • Full Time
  • Toronto

Tundra Technical Solutions



As an Application Security Engineer within the Information Security Department, you will be responsible for building security into all products end-to-end. The role is both hands-on technical and influential: you will be expected to communicate directly with cross-functional teams in Product, Development, and DevOps. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building automation, and decisively taking action to mitigate emerging threats throughout the Secure Software Development Lifecycle (SSDLC).

What you will do:

• Act as a subject matter expert for strategic initiatives, quarterly projects, and on-demand consultations.


• Collaborate with product and development teams to ensure the adoption of SSDLC best practices across the entire application lifecycle (SAST, SCA, DAST, WAF, ASPM, etc.).



• Write code to implement security policies and controls for well-known orchestration platforms (GitLab, Jenkins, etc.).

• Participate in vulnerability management operations, such as: retesting and reprioritizing vulnerabilities, reviewing code changes, approving proposed remediations, etc.

• Perform white box testing on a portfolio of products.

• Contribute technical and procedural documentation towards the organization’s knowledge base.


What you will bring:

• Ability to think offensively like a hacker and defensively by evaluating applications and architecture.

• Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts.

• Ability to read and write multiple programming languages. Java, C#, JavaScript, Apex, and Python are highly valued, but others will help too.



• Demonstrated knowledge of security best practices, principles, and common frameworks, such as: OWASP, NIST, ISO, SOC, etc.

• Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, bug bounty, etc.

• Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.

• Relevant industry certifications, such as: OSCP, OSWE, GPEN, GWAPT, etc.


Given the size and scope of our organization, we have the flexibility for this position to be located in the following head office locations: Toronto, London, Winnipeg.

To apply, please visit the following URL: