Reporting to the Senior Manager, Information Security, the Application Security Analyst will be responsible for supporting and contributing to application security efforts within the organization. This role involves ensuring that applications are developed and maintained with robust security measures to protect against vulnerabilities and threats, as well as ensuring applications provided to customers contain industry leading security features and functions.
BUILD. SECURE. COLLABORATE - IT'S WHAT YOU'LL DO - Embed security in development - Contribute to and support Payworks' application security strategy. Assist in implementing software security practices, processes, and technologies within the development lifecycle. Collaborate with QA, Product Management, Privacy, and Business Analyst teams to support security requirements on every project.
- Assess vulnerabilities - Assist in identifying, researching, and resolving potential risks, threats, vulnerabilities, and exploits in internally developed software, including third-party dependencies and integrations. Participate in security assessments, code reviews, and penetration testing activities.
- Manage security tools - Support the deployment and administration of SAST/DAST tools and web application firewalls. Assist in integrating security tooling into the CI/CD pipeline. Evaluate and support security tooling for AI/ML development environments and AI-assisted coding platforms.
- Assess AI security risks - Support security considerations in AI development lifecycles including model training pipelines, data handling, and AI system integrations. Collaborate on security assessments of agentic AI systems and autonomous agents to identify potential risks and vulnerabilities.
- Support incident response - Work closely with the SOC team to investigate and respond to application-related threats, security events, and incidents. Build proactive mitigation methods using technologies such as web application firewalls.
- Audit, document & report - Perform security audits to evaluate the effectiveness of security controls. Contribute to comprehensive documentation of application security processes, assessments, and architecture. Generate reports on application security metrics, vulnerabilities, and remediation progress for management and stakeholders.
- Build security awareness - Conduct and manage application security awareness training for employees. Work closely with development groups to ensure modern programming languages are used and that secure coding best practices are followed.
WHAT YOU'LL NEED TO SUCCEED- Bachelor's Degree in Computer Science, BIT - Application Development Diploma or related studies, and/or equivalent combination of education and experience.
- 5+ years of programming experience.
- Proven expertise in security industry processes and secure coding best practices.
- Demonstrated experience with Microsoft .NET (VB/C#), ASP.NET, Microsoft IIS, Microsoft SQL Server, and Git source control.
- Experience with Microsoft SQL Server and T-SQL queries.
- Strong analytical and troubleshooting skills.
- Excellent communication skills - able to communicate security risks clearly to both technical and non-technical stakeholders.
- A team player who shares technical knowledge and values ongoing professional development.
BONUS SKILL SET- Experience with Agile software development methodologies and tools such as the Atlassian product suite (Bitbucket, Bamboo, Jira, Confluence) or Azure DevOps would be considered an asset.
- Experience with HTML, JavaScript, Vue.js, and modern CSS technologies such as CSS3, Foundation, and SCSS would be considered an asset.
- Experience with Web Application Firewalls and SAST/DAST technologies such as Citrix Netscaler, Checkmarx, or Synopsys WhiteHat Security would be considered an asset.
- Understanding of AI/ML security principles including prompt injection, model security, and data privacy considerations in AI systems.
- Awareness of security challenges in AI development including adversarial attacks, model poisoning, and agentic AI system vulnerabilities.
- CSSLP and CISSP certifications considered an asset.
We are proud to support a Flexible Work Plan that recognizes the diverse needs and lifestyles of our people. The Application Security Analyst has the option to work fully from the Payworks office in Calgary or on a hybrid work model, working in the office at least three (3) days a week. This role may require participation in an on-call rotation for after-hours support, including evenings, weekends, and holidays, as needed.
