View all jobs

Application Security Engineer

Remote, Canada · Computer/Software
Job Summary:
The Senior Application Security Engineer is primarily responsible for ensuring our applications, infrastructure and data remain secure. The Senior Application Security Engineer will work with the Director, Technology Operations to drive security across our product, development, and operations teams. The Senior Application Security Engineer will ensure that we are practicing proper security hygiene, staying ahead of the security landscape, and working with security vendors where required. The Senior Application Security Engineer will report on KPIs to measure our current security posture and derive ways to improve.

All activities must be in compliance with Equal Employment Opportunity laws, HIPAA, ERISA, and other regulations, as appropriate.
Essential Functions: In addition to working in accordance with appropriate conduct and behavioral standards, specific responsibilities of this role include:
 Automate and manage SAST,DAST,IAST & SCA across our portfolio of products
 Integrate security into the SDLC including threat modeling, development standards, standardized processes, etc
 Create & execute on penetration test plans
 Perform security reviews on new product designs
 Train and educate on security principals and best practices
 Evaluate and implement new security products and solutions
 Provide remediation guidance and oversight to discovered vulnerabilities
 Communicate with all levels of the organization, often balancing competing priorities
 Perform research on emerging cybersecurity vulnerabilities and ensure we remain secure
 Collect and report on KPIs to ensure we maintain our security hygiene
 Participate in 24/7 on-call rotation for security event response
 Lead and coordinate projects independently
 Demonstrate a degree of knowledge throughout all Nextech products and technologies
 Carry out additional responsibilities as assigned based on business need

 CISSP or comparable certification
 5+ years of experience application security or cybersecurity roles
 Experience and understanding of application and infrastructure security standards and best practices
 Experience in security hardening in a public cloud environment (Azure) at a SaaS company
 Proficient in at least one modern programming language such as C#, Java, C++, Python, C#, TypeScript etc used in
the development of software solutions
 Willingness to participate in 24x7 incident response

Preferred Qualifications:
 Knowledge of cloud architectures and solutions
 Previous experience working in healthcare with an understanding of HIPAA
 Hold an Offensive Security Certified Professional (OSCP) certification
 Familiarity with security frameworks such as OWASP (including Mobile) NIST CSF, NIST SP 800-x, COBIT, ISO-27001, PCI DSS
 Working experience with NIST Common Vulnerability Scoring System (CVSS) and Threat Modeling Framework such as STRIDE or PASTA

Share This Job

Powered by