Senior Lead Application Security Engineer
Job Summary
We are looking for an Application Security Engineer to join the Agentic Platform pillar, working within the Cloud Platform team. This team owns the secure, governed foundation that enables all of Copperleaf's R&D teams to build and ship this role you will embed security directly into the platform and across every CI/CD pipeline, shifting our posture from reactive to proactive. You will bring traditional application security depth into our DevSecOps culture and, critically, use AI agents to continuously and autonomously improve our security posture. Our operating premise is simple: agentic attacks require agentic defense. You will build the agents, skills, and guardrails that detect, triage, and remediate security risk at machine speed, staying ahead of threats rather than responding to them after the fact. This is a hands-on, implementation-first role: you will personally build, ship, and operate the security changes you design, working directly in the code and the pipelines rather than advising from the sidelines.
Key Responsibilities
- Embed application security into the Cloud Platform and across all CI/CD pipelines, making secure-by-default the path of least resistance for every R&D team.
- Design, build, and operate AI-driven security agents that proactively scan, triage, and remediate vulnerabilities across source code, dependencies, containers, and infrastructure-as-code, turning point-in-time reviews into continuous autonomous coverage.
- Establish secure software development lifecycle (SSDLC) practices, threat modeling, and secure-coding standards, and integrate automated enforcement (SAST, SCA, DAST, secrets scanning, IaC scanning) as native pipeline gates rather than bolt-on checks.
- Lead the security of our own agentic systems: defend against prompt injection, tool/MCP abuse, data exfiltration, excessive agency, and supply-chain risk in line with frameworks such as the OWASP Top 10 for LLM Applications and MITRE ATLAS.
- Drive proactive vulnerability management: remediate HIGH and CRITICAL CVEs across platform infrastructure and container images in line with contractual and compliance commitments, and automate the toil out of it.
- Partner with engineering teams to harden Azure Kubernetes Service (AKS) workloads, identity and access (Keycloak, Azure AD, Managed Identities, workload identity), network segmentation, and secrets management.
- Contribute security evidence and controls to compliance programs (SOC 2, ISO 27001, Cyber Insurance) and automate evidence collection and continuous control monitoring with agentic tooling.
- Define and maintain security runbooks, detection logic, and incident response procedures, and build the agents that execute and accelerate them.
- Act as the security skill set within the platform team, raising the bar through code review, pairing, and sharing pragmatic, developer-friendly guidance.
- Contribute to improving the Agentic Operating Model through development of security-focused agent skills, prompts, and tooling that other teams can reuse.
Technical Focus Areas
- Application security fundamentals: secure SDLC, threat modeling, OWASP Top 10, secure code review, and remediation across multiple languages and stacks.
- Agentic and AI security: securing LLM- and agent-based systems (prompt injection, tool/MCP security, sandboxing, guardrails), plus building autonomous agents that perform security work. OWASP Top 10 for LLMs and MITRE ATLAS a strong asset.
- DevSecOps and pipeline security with Azure DevOps: SAST, SCA, DAST, secrets and IaC scanning, SBOM generation, container signing and attestation, and pipeline access controls.
- Security scanning and tooling: Mend (SCA/SAST), Azure Defender for Cloud, and MDR/SOC platforms.
- Hands-on with modern agentic and AI-security tooling: agentic coding and security assistants (e.g. Claude Code with custom agent skills and MCP), AI-assisted code analysis and autofix (e.g. Semgrep, Snyk / DeepCode AI, GitHub Copilot Autofix / CodeQL), LLM and agent red-teaming (e.g. garak, Microsoft PyRIT, Promptfoo), and runtime guardrails and model supply-chain protection (e.g. Lakera Guard, NVIDIA NeMo Guardrails, Protect AI).
- Cloud-native security on Azure Kubernetes Service (AKS): RBAC, network policies, admission controllers (e.g. Kyverno), workload identity, and cluster hardening.
- Identity and access management: Keycloak, Azure Active Directory, Managed Identities, and secrets management (e.g. CSI secrets driver, Key Vault).
- Infrastructure-as-code: Bicep or Terraform for security configuration, policy-as-code, and drift management.
- Compliance frameworks and automated evidence collection: SOC 2, ISO 27001, and Cyber Insurance requirements.
- Scripting and automation (e.g. Python, PowerShell, or C#) to build security tooling and orchestrate agents.
Qualifications:
Area of specialization: Application Security & DevSecOps Agentic Defense
About you
- You think proactively: you anticipate how systems will be attacked and build defenses ahead of the threat rather than waiting to respond.
- You are a doer, not just an advisor: you implement the fixes yourself and measure success by what ships and what is provably more secure, not by recommendations handed to someone else.
- You demonstrate strong ownership of technical outcomes and a commitment to quality.
- You apply sound engineering judgment when making design and implementation decisions, balancing security rigor with developer velocity.
- You communicate clearly and effectively with both technical and non-technical stakeholders.
- You continuously develop technical and domain expertise in application security, cloud security, and the rapidly evolving field of agentic/AI security.
- You collaborate effectively within cross-functional, outcome-oriented teams.
- You leverage AI to accelerate projects and improve overall quality of output, and you are excited to push the frontier of what agentic defense can do.
Additional Information:
What We're Offering
- Salary Range: $117,000 CAD - $167,000 CAD
- Permanent, Full-time
Use of Artificial Intelligence in Recruitment
As part of our recruitment process, we may use automated tools, including artificial intelligence, to help screen and assess applications based on job-related criteria such as skills, experience, and qualifications.
These tools do not make hiring decisions. All employment decisions are reviewed and made by members of our hiring team.
We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best while also engaging with colleagues to share ideas and build meaningful relationships.
Remote Work:
No
Employment Type:
Full-time
About Company
We are growing! At IFS we are constantly growing to deliver award-winning solutions to hundreds of partners and thousands of customers worldwide! We help companies who want to be their best when it matters most at their #momentofservice. Visit https://ifs.link/IzM0px to find out mo ...