Job Description

Job Title - App Security Specialist

Location - Hybrid- Toronto.

Job Summary

6-9 years total experience in software development and DevOps, with at least 2 - 3 years hands-on security exposure (secure coding, pipeline security, API security, threat modeling).

Must Have Skills -

DevSecOps - 7-9 years

Gen AI Security - 10+

Responsibilities

+ Secure API development * Design and develop RESTful APIs and integrations with strong authentication, authorization, and data protection measures. - Work with PostgreSQL and other RDBMS to query, optimize, and secure data structures against injection attacks, data leakage, and unauthorized access. - Contribute to system architecture with Security by Design, including threat modeling and secure design reviews at the planning stage. - Write scripts to automate security scans, compliance checks, and reduce manual effort in security monitoring and deployment workflows. - Proficiency in Python, JavaScript, Java, or Go with a focus on secure coding standards (e.g., OWASP Top 10 mitigation). - Implement CI/CD pipelines with integrated SAST, DAST, dependency scanning, and secrets management for secure deployments. - Deep application of secure coding frameworks, vulnerability prevention, and industry best practices (OWASP, SANS). - Strong problem-solving and debugging skills for both functional and security-related issues in dev, test, and prod environments. - Collaborate closely with developers, operations, and security teams to embed a culture of security across all cross-functional work. Primary Skills - Secure coding (OWASP Top 10, SANS CWE) - API security (OAuth2, JWT, input validation) - CI/CD security integration (SAST, DAST, dependency scanning) - Programming in Python, JavaScript, Java, or Go - PostgreSQL database security - Threat modeling & secure architecture reviews - Security automation scripting Good to Have - Cloud security (AWS/GCP/Azure) - Container security (Docker/K8s, image scanning) - IaC security (Terraform, Ansible) - Security compliance (SOC 2, ISO 27001)