Application Security Specialist

About The Position

Requirements

• Strong drive to learn, improve, and become an expert in application security.
• Some experience in software development, QA or penetration testing (even co-op or personal projects).
• Familiarity with modern web applications and security fundamentals.
• Clear communication skills
• Willingness to work toward a certification like OSCP or OSWA (we’ll support you).

Nice To Haves

• Exposure to web app security testing or bug bounty programs.
• Hands-on experience practicing offensive security techniques (CTFs, labs, or platforms such as Hack The Box) is a plus
• Experience with dev tools and CI/CD pipelines.
• Familiarity with security issues in modern JavaScript, Python, or cloud-based applications.

Responsibilities

• Review and risk rate upcoming features based on potential security impact. Work closely with devs on high risk projects.
• Conduct manual and exploratory security testing on features before they ship.
• Actively participate in team standups for 2–3 development teams, building trust and offering guidance when needed.
• Break things. Your job is to think like an attacker and uncover issues devs may not see.
• Manage and support internal security tools (e.g., SemGrep, Datadog, Retool, etc.) and help teams use them responsibly.
• Continuously improve our security review process, tooling, and internal documentation.
• Shadow senior security team members and pursue self-guided learning to level up your skills.

Benefits

• Unlimited vacation
• Extended health coverage
• 5% RRSP matching