Application Security Manager at Workleap embedding security in products and development workflows. You will write code, build tooling, and ensure secure software delivery.
Responsibilities
Ensure security is embedded into CI/CD pipelines by delivering scalable, automated tooling and integrated security checks (SAST, DAST, SCA, secret scanning);
Enable secure-by-default development by designing and implementing automated, policy-driven security review workflows;
Establish robust security guardrails within AI-assisted development and agent workflows to reduce risk while maintaining developer velocity;
Reduce risk exposure by proactively identifying, assessing, and driving remediation of application security vulnerabilities;
Strengthen application security posture by leading threat modeling and security assessments for new features and architectural changes;
Improve detection and response capabilities through the development of automation, tooling, and streamlined vulnerability management processes;
Elevate cloud and application security by partnering with Infrastructure SecOps to harden Azure environments and deployment practices;
Enhance external security feedback loops by contributing to and scaling the bug bounty program and vulnerability intake processes.
Requirements
8+ years of experience in application security, DevSecOps, or security-focused software development;
Strong software engineering background combined with deep security expertise;
Deep understanding of web application security principles, OWASP Top 10, and CWE Top 25;
Hands-on experience performing secure code reviews in C#;
Experience building and maintaining security automation in CI/CD pipelines (GitHub Actions preferred);
Solid understanding of Azure cloud services, infrastructure security, and deployment patterns;
Experience integrating SAST, DAST, SCA, and secret scanning tools into development workflows;
Proficiency in scripting (Python, Bash) for automation and tooling;
Extensive hands-on experience with AI-assisted and agentic development workflows, with deep expertise in their security implications;
Familiarity with authentication protocols such as OIDC, SAML, and OAuth;
Ability to clearly communicate security risks and trade-offs to both technical and non-technical stakeholders.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.