Senior Application Security Analyst
Share
Job Location:
Mississauga - Canada
Monthly Salary:
Not Disclosed
Posted on:
7 hours ago
Vacancies:
1 Vacancy
Job Summary
Its not a package. Its a promise.
As Canadas leading integrated freight package and logistics provider weve been helping promises get where they need to be for more than 60 years. How does the magic happen The journey starts with you. The places we go the elements we brave the promises we deliver its all possible because of our people. So whether youre looking to build new skills make an impact in your community or inspire your team we go there for you.
Description
Purolator is one of Canadas leading integrated freight package and logistics solutions providers delivering dependable service to customers across the country. Security is a core enabler of Purolators digital and operational strategy. The Information Security Office partners closely with technology and business teams to protect Purolators systems data and customers while enabling innovation and secure delivery at scale.
The Senior Application Security Analyst is responsible for embedding security into the software development lifecycle (SDLC) by partnering closely with application and engineering teams. This role focuses on identifying assessing and reducing application and API security risk through threat modeling secure design reviews vulnerability management and the operationalization of application security controls.
The successful candidate will act as a subject matter expert for application security providing handson guidance to development teams while helping mature secure development practices across the enterprise.
Responsibilities
Application & API Security
- Perform application and API security assessments including design reviews threat modeling and architecture reviews in alignment with enterprise application security standards
- Identify security risks across custombuilt SaaS and thirdparty applications and work with application owners to define practical remediation plans
- Review authentication authorization data handling and integration patterns to ensure secureby-design implementations
Secure SDLC & DevSecOps
- Embed security requirements and controls early in the SDLC (shift left) by working directly with development and delivery teams
- Support the integration and tuning of Static Application Security Testing (SAST) Software Composition Analysis (SCA) secret scanning Dynamic Application Security Testing (DAST) and other application security tooling within CI/CD pipelines
- Provide secure coding guidance and recommendations based on OWASP Top 10 and industry best practices
- Develop and maintain clear reusable documentation and standardized frameworks to enable consistent adoption of application security practices across teams
Vulnerability & Risk Management
- Triage and assess application security findings from automated tools penetration tests and manual reviews
- Partner with application teams to prioritize remediation based on risk exploitability and business impact
Advisory & Stakeholder Engagement
- Act as a trusted security advisor to application owners architects and developers
- Contribute to the development and maintenance of application security standards patterns and guidance documentation
- Support thirdparty assessments and security reviews for externally developed or hosted applications
Continuous Improvement
- Identify opportunities to improve application security processes tooling and governance
- Stay current with emerging application security threats vulnerabilities and defensive techniques
Required Qualifications
- Bachelors degree in Computer Science Information Security or a related field or equivalent practical experience
- 5 years of progressive experience in application security secure software development or product security
- Strong understanding of web and API technologies (HTTP/S REST JSON OAuth OpenID Connect SAML)
- Handson experience with application security testing tools (SAST SCA DAST secret scanning)
- Solid knowledge of OWASP Top 10 threat modeling methodologies and secure coding principles
- Strong analytical problemsolving and communication skills with the ability to explain security risks to both technical and nontechnical audiences
- Exceptional interpersonal skills and proven to flourish working in a fast-paced environment.
- Ability to work effectively in a cross-disciplinary team across multiple projects and multiple locations.
Additional skills that set you apart
- Experience securing cloudnative applications in AWS and/or Azure environments
- Familiarity with API gateways WAFs and runtime protection controls
- Experience working in agile or DevOps delivery environments
- Relevant security certifications (e.g. CSSLP GWAPT GWEB CISSP OSCP)
- Strong knowledge of one or more modern programming languages (e.g. Python Java C JavaScript)
The work we do at Purolator impacts every Canadian. To work with us you must be eligible to obtain a Reliability Security Clearance.
Language Requirement: Proficiency in English is required for this position due to the frequent communications that must be conducted in English with various stakeholders. This requirement is justified by the nature of the responsibilities and operational needs.
POSTING DETAILS
Location: 530 - Corporate
Working Conditions: Office Environment
Reports to: Technology Manager Information Security Office
---
Purolator is an equal opportunity employer committed to diversity and inclusion. We welcome all qualified applicants and provide accommodations during the recruitment process upon request.
Purolator complies with Canadian law in all recruitment practices. During pre-screening we may use an Artificial Intelligence (AI) tool supported by human oversight to efficiently manage tasks such as resume screening and candidate matching enabling our team to connect with qualified candidates faster.
Personal information is used solely for recruitment and managed in accordance with privacy legislation. For AI-related inquiries only contact . To apply visit our Careers Page.
We recognize that employees and their families are essential to our success. We strive to provide a safe healthy and supportive workplace ensuring the right people have the tools they need to thrive.
Every day at Purolator is an opportunity to connect with colleagues customers and communities to make a positive impact. Learn more about our values at .
Required Experience:
Senior IC
Key Skills
- Security Management
- Sensitive Information Management
- Pressure Management
- Risk Analysis
- Access Control
- Safety Procedures
- Security Measures
- Security Training
- Risk Assessment
- Access Point
- Security Checks
- Detect Signs
- Safe Environment
- Security System
- Security Reports
About Company
To succeed and grow, small business owners need a courier they can trust. Rely on Purolator for time-definite shipping, so you can focus on your business.
