ABOUT THE ROLE

At Arctic Wolf, we are transforming our Application Security function to be AI-first, fundamentally changing how security work is executed and scaled across the organization. We are seeking a Lead Application Security Engineer to help scale secure-by-design practices across our cloud, SaaS, and AI-enabled platforms.

In this role, you will lead threat modeling, define application security standards, assess product and platform architectures, and integrate security throughout the SDLC. This includes securing emerging AI and GenAI capabilities using frameworks such as the OWASP Top 10 and OWASP Top 10 for LLMs.

The role requires deep technical expertise, strong communication skills, and the ability to lead cross-functional initiatives. You will own and drive multiple AppSec programs, reduce risk, shape internal security practices, and coach engineers and Security Champions to raise the overall security maturity of the organization.

Responsibilities

• Lead threat modeling exercises for applications, microservices, APIs, and AI/LLM-enabled systems
• Define reusable security patterns and drive secure design reviews for product and platform architectures
• Own AppSec initiatives end-to-end and drive risk-reduction programs across R&D
• Influence engineering and product leaders to adopt secure practices through clear guidance and rationale
• Conduct security assessments for new features, cloud architectures, and AI/GenAI capabilities
• Implement and optimize AppSec tooling including SAST, DAST, IAST, SCA, IaC scanning, and container security
• Establish metrics, dashboards, and scalable process improvements
• Drive R&D wide security practices and help shape internal standards for secure development
• Explore emerging technologies, and promote continuous learning within AppSec and the Security Champions community

About You

• 7+ years of experience in Application Security, Product Security, Secure Software Development, or a related security engineering discipline.
• Deep expertise in secure design and development principles, including the OWASP Top 10, OWASP ASVS, and modern application security best practices.
• Proven experience leading threat modeling exercises, security architecture reviews, and risk assessments for complex applications and services.
• Hands-on experience with application security tooling, including SAST, DAST, SCA, IaC, container, and cloud-native security solutions.
• Strong analytical and problem-solving skills, with the ability to identify security risks, evaluate tradeoffs, and develop practical, scalable solutions.
• Demonstrated ability to influence engineering teams and technology leaders through collaboration, technical expertise, and sound risk-based decision making.
• Experience driving the adoption of secure development practices and integrating security into engineering workflows and SDLC processes.
• Excellent communication skills with the ability to translate complex technical concepts into actionable guidance for both technical and executive stakeholders.
• Proven track record of leading security initiatives, establishing standards, and delivering measurable improvements to an organization's security posture.
• Passion for mentoring engineers, fostering a security-first culture, and elevating the security capabilities of development teams.

Preferred Qualifications

• Experience securing cloud-native applications and architectures in AWS, Azure, or GCP environments.
• Knowledge of AI and GenAI security concepts, including the OWASP Top 10 for LLM Applications, model and agent security risks, and secure AI system design.
• Experience supporting large-scale SaaS platforms, highly distributed systems, or organizations operating in regulated environments.

On-Camera Policy
To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews. Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers. We understand that technical, bandwidth, or location-related challenges may occasionally prevent video use. If this applies, candidates are required to notify us in advance so we can explore appropriate accommodations.

All wolves receive compelling compensation and benefits packages, including:

• Equity for all employees
• Flexible time off and paid volunteer days
• RRSP and 401k match
• Training and career development programs
• Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services
• Robust Employee Assistance Program (EAP) with mental health services
• Fertility support and paid parental leave

Security Requirements

• Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).

The base salary range for this job family is 60,000 to 211,000 CAD annually. This range reflects the base pay the company reasonably expects to offer for this position, aligned to the broader job family base pay structure. Actual base pay may vary based on skills, experience, and location, including job family level. In addition to base pay, Arctic Wolf offers variable incentive compensation, new hire equity grants, and a comprehensive benefits package.