Back to jobs New Senior Application Security Developer Canada (Remote) Apply Upgrade is a fintech company that provides affordable and responsible credit, mobile banking, and payment products to everyday consumers. We were the fastest growing company in the Americas last year according to the Financial Times and Upgrade Card was the fastest growing credit card in America two years in a row. We have delivered over $33 billion in affordable and responsible credit to our 5.5M customers. The company is backed by some of the most prominent technology investors and was recently valued at $6.3B.
We have built an energizing, collaborative and inclusive culture where team members help each other, learn and innovate to move the company and its customers in the right direction, and own the outcome of their efforts.
Upgrade has been named a “Best Place to Work in the Bay Area” three years in a row, “Top Companies to work for in Arizona” and one of the "Best Engineering Department" awarded annually by Comparably. We've also received recognition for being a best company for Diversity, Women, Culture, and Veterans.
We are looking for new team members who get excited about designing and delivering new and better products to join a team of 1850 talented and dedicated professionals. Come work with us if you like to tackle big problems and make a meaningful difference in people's lives.
About the Role:
As a Senior Application Security Developer, you’ll help scale our static and dynamic code analysis, handle manual and automated pen-testing, threat modeling, and lead the overall improvement of our AppSec posture. You’ll collaborate alongside DevOps, QA, and Engineering to improve the security of applications architected on the cloud (AWS) in a microservices-based environment.
What You’ll Do:
Evaluate our security technology, methodology, and tools to better the software development life cycle
Help train developers, and QA personnel to the appropriate level of software security knowledge to perform their responsibilities
Improve and support application security tool services including static analysis, dynamic testing, software composition analysis tools
Support incident response and architecture review processes whenever application security expertise is needed
Manage routine penetration testing services, including both expert consulting and managed services
Provide manual penetration testing and standards gap analysis services to internal business and technology partners
Support, improve, and maintain secure development standards and application security framework projects
Support Vendor Management activities to ensure third party software and development meet security standards
Integrate threat modeling practices into the product development life cycle
Provide security requirements for test driven design to assess control effectiveness
Produce metrics reporting the state of application security programs and performance of development teams against requirements
What We Look For:
5+ years of relevant work experience.
Experience with agile development processes and have experience integrating secure development practices into the model
Experience writing and testing web applications, mobile applications and microservices
Familiarity with graphQL architecture and security best practices
Basic understanding of authentication and authorization schemes including OAuth
Familiarity with a variety of development and testing tools
Experience working with one or more SAST, DAST and IAST tools
Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques
Experience with cyber security attacks and mitigation methods (red/blue team experience)
Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection
Expertise in employing analytics and threat intelligence techniques, Incident response process; Software security
Experience in IT supply-chain risk management and assurance, as well as cloud security operations
Nice to Have:
Basic familiarity with python for security tool automation would be a plus.
What We Offer You:
Competitive salary and stock option plan
100% paid coverage of medical, dental and vision insurance
Flexible PTO
Competitive 401(k) and RRSP program
Opportunities for professional growth and development
Paid parental leave
Health & wellness initiatives
The compensation range of this position in Canada is $150,000 - $250,000 CAD annually plus equity and benefits. Within this range, an individual's base pay will be dependent on a variety of factors, including without limitation, job-related knowledge, skills, education, and experience.
#LI-Remote #BI-Remote We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Upgrade does not accept unsolicited resumes from staffing agencies, search firms, or any third parties. Any resume submitted to any employee of Upgrade without a prior written agreement in place will be considered the property of Upgrade, and Upgrade will not be obligated to pay any referral or placement fee. Agencies must obtain advance written approval from Upgrade's Talent Acquisition department to submit resumes and only in conjunction with a valid, fully executed agreement . Create a Job Alert Interested in building your career at Upgrade? Get future opportunities sent straight to your email. Create alert Apply for this job * indicates a required field Autofill with Greenhouse First Name * Last Name * Email * Phone Resume/CV * Attach Attach Dropbox Google Drive Enter manually Enter manually Accepted file types: pdf, doc, docx, txt, rtf Cover Letter Attach Attach Dropbox Google Drive Enter manually Enter manually Accepted file types: pdf, doc, docx, txt, rtf LinkedIn Profile Website Are you legally authorized to work in Canada? Select... Will you now, or in the future, require sponsorship for employment visa status (e.g. H-1B visa status, work permit, etc.)? Select... Demographic Questions & Categorizations Upgrade is dedicated to building a diverse team and an inclusive culture. We believe that it’s crucial to Upgrade’s long-term success to create an environment where all employees feel like they belong and have an equal opportunity to succeed.
For this reason, we are asking candidates to voluntarily self-identify through a few demographic questions. Our purpose in collecting this information is to help us assess our outreach efforts and diversity representation goals. Your responses will not be linked to your identity or your application, and neither recruiters nor hiring managers can see this information at an individual level. Your responses are stored in the aggregate and will not play any role in our hiring decision. Your decision to participate or not participate in this survey will have no impact on your candidacy at Upgrade. How you do you identify? (Gender identity) Select... Do you identify as LGBTQ+? Select... How do you identify? (Ethnicity) Select... What is your veteran status? Select... What is your disability status? Select... Submit application
View Original Job Posting