Security Compass is hiring a

Senior Researcher, Application Security

Toronto, Canada

Here at Security Compass, we are on a mission to create a world where we can trust technology.  We get that isn’t easy, but that’s exactly why we are taking up the challenge.  We help enterprise clients manage cybersecurity risk without slowing down their business.  This is achieved by building security into their end-to-end processes with our three offerings: our leading-edge software SD Elements, industry recognized cyber security training and our renown Advisory consulting practice.   

As a Senior Security Researcher – Application Security, you’ll be reporting to the Lead, Security Research. You should have a solid understanding of the software development lifecycle, Cybersecurity, and familiarity with critical application security vulnerabilities such as the OWASP Top 10. This position is ideal for practitioners with a passion for software security who are looking to work within a research team, or developers who want to help influence other developers in software security. You will have a chance to positively impact nearly every part of the world's digital infrastructure by helping shape secure software development for our clients: the world's largest financial services, software, healthcare, telecom, technology, media and industrial control system companies.

What you’ll do

  • Stay up-to-date with the latest software security vulnerabilities, protection mechanisms, and related compliance standards
  • Understand and learn about a broad range of application types that include web, mobile, client/server, desktop, and embedded software
  • Work with AppSec experts on building secure coding samples in a variety of languages
  • Develop Python scripts to automate day-to-day workflows and processes
  • Transform compliance regulations and standards into actionable tasks that can be easily consumed by software developers, dev managers, and DevOps engineers; align and match the mandates of those regulations and standards to existing security controls
  • Develop security content and solutions for most recent vulnerabilities and attacks

What you’ll need to succeed

  • Minimum 5 years of industry experience or equivalent combination of graduate level academic experience (i.e. MSc, PhD in Computer Science or InfoSec) and few years of industry experience
  • Experience in Application Security, knowledge of common vulnerabilities and best practices such as OWASP Top 10, SANS 25, and ASVS.
  • Solid understanding of software development lifecycle (waterfall, agile), DevOps processes (CI/CD), cloud computing (i.e. AWS, Azure, GC, etc.), DevSecOps (Cloud and Container technologies), AppSec (Web and Mobile), and Manufacturing (IoT and control systems).
  • Experience with two or more modern programming languages such as Java, Python, Ruby, JavaScript (React, Angular), mobile (iOS, Android) programming (Objective-C, Swift, Kotlin, Flutter)
  • Strong scripting skills (i.e. Python, PowerShell, etc.)
  • Familiarity with some security and privacy compliance standards/regulations such as ISO 27000, NIST 800-53, CSA CCM, PCI-DSS, GDPR, and HIPAA
  • Strong written communication skills and a desire to do technical writing
  • Time management, multitasking, and prioritization skills to work in a fast-pace and agile environment

Nice to have:

  • Security certifications (i.e. CISSP, OSCP, etc.)
  • Hands on experience in Cloud and Container security


Why Security Compass?

  • Make a difference. Our suite of products and services help make software more secure for our customers, their clients and the world as a whole. 
  • Have a voice. Be trusted.  Our organizational structure and open communication programs create an environment where employees drive the company’s culture and decisions.
  • Have fun. Our social events and games around the office are the just a few ways we let loose.  We don’t take ourselves too seriously.
  • Universal Acceptance. Diversity is our differentiator.  We speak up for inclusion.  We respect all forms of intelligence. 
  • Be innovative. We give dedicated time to focus on passion projects and encourage new ideas in all that we do.  We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing.
  • Grow your career. We make your growth and learning a priority by giving a dedicated training budget.   We create opportunities to take on new projects in security and beyond.  This past year Developers have attended JSConf in Iceland, PyCon, and Full Stack Fest in Barcelona.
  • Find balance. We support work from home, have flexible work hours, and open vacation.

Click here to start imagining your future at Security Compass!

Security Compass is an equal opportunity employer. We are committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require any accommodation, please inform [email protected]  so that an inclusive and barrier free process can be provided for candidates taking part in all aspects of the hiring process.  All information provided will be addressed confidentially.

Looking for a job?

Senior Researcher, Application Security at Security Compass looks great, right? We have dozens of similar job posts on our site, interested? Leave your email and we'll send the best matches.