Principal Application Security Specialist

Global Relay

$125K — $160K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in application/product security testing and DevSecOps with deep software security expertise.
  • Proficiency in security frameworks like OWASP, MITRE, and NIST, and testing tools (SAST/DAST/SCA).
  • Experience with scripting languages such as Python, Java, Bash, and PowerShell.
  • Familiarity with DevOps/CI-CD tools including Git, Jenkins, and Docker/Kubernetes.
  • Solid grasp of secure development practices and coding standards.
  • Excellent cross-functional communication skills to explain technical concepts to diverse audiences.

Responsibilities

  • Collaborate to develop application security testing methodologies across various domains.
  • Lead high-risk security assessments and innovate new testing techniques.
  • Manage organization-wide triage and triage training for security testing functions.
  • Drive security integration in SDLC and CI/CD pipelines with a proactive, risk-based approach.
  • Design an automated security framework with robust tooling to enhance processes and security.
  • Analyze vulnerability data to mitigate risks across applications and infrastructure.
  • Measure testing coverage and effectiveness, fostering continuous improvement in security measures.

Benefits

  • Comprehensive extended health benefits including virtual healthcare and wellness allowances.
  • Increasing annual vacation days based on employee tenure.
  • Paid sick days and a maternity/parental enhancement program.
  • Bonus opportunities and an RRSP contribution matching program.
  • Subsidized meal program for Vancouver-based employees.
Full Job Description
Your role:

The Principal Application Security Specialist is the most senior individual contributor across Global Relay's Software & Application Security function. Combining deep application security testing mastery with DevSecOps leadership, you set the technical direction for how Global Relay tests the security of its applications and for how security is engineered into the software development lifecycle. You lead the most complex and novel assessments, define testing methodology and standards, and drive the integration of automated security controls into CI/CD pipelines. You act as the organization's authority on application, mobile and AI/LLM security, and partner with engineering, platform and product leadership so that security is built in and aligned with business objectives.

Your responsibilities:

Testing & methodology leadership
  • Collaborate with the Team Lead, Application & Software Security to develop and own the application security testing methodology and standards across web, API, mobile and AI/LLM domains.
  • Lead the most complex, novel and high-risk security assessments, including original research and the development of new testing techniques and tooling.
  • Own the organization-wide triage, escalation and evidence-quality framework across all security testing and scanning functions and define how L1-L3 teams are trained and measured against it.
  • Support the direction for the penetration testing and offensive security program.
  • Own the most advanced threat modelling for critical and cross-cutting architecture.
  • Serve as the organization's authority and final technical escalation point for application security.

DevSecOps & secure SDLC
  • Drive the integration of security into the SDLC and CI/CD pipelines, championing a proactive, risk-based, "shift-left" approach.
  • Develop the organization-wide standards for remediation verification, retest evidence and release closure, ensuring security gating is consistently and appropriately applied across all release pipelines.
  • Design and deploy an automated security framework for robust tooling and processes, using scripting and open-source solutions.
  • Collaborate with Engineering for the selection, deployment and management of security scanning tools (SAST, DAST, SCA, container) within CI/CD pipelines, integrating them via APIs and plugins using agile delivery methods.
  • Serve as the liaison for DevSecOps standards and provide input into new standards and policies.
  • Review and analyze vulnerability data to identify risk across applications, infrastructure and network, and manage false positives.
  • Set the organization's standards for root-cause analysis and remediation guidance on the most complex or systemic security defects and define how remediation quality is assessed across teams.

Influence, measurement & people
  • Define how testing coverage, quality and effectiveness are measured and drive continuous improvement.
  • Partner with engineering, product and architecture teams to influence secure design at scale and prioritize security investment.
  • Lead security sessions for engineering teams covering risks, report analysis, mitigations and process improvements.
  • Mentor and develop specialists, create documentation and training material, and raise the technical bar across the function.
  • Represent application security in cross-functional and, where appropriate, external forums.

About you:
  • 8+ years experience across application/product security testing and DevSecOps, with expert knowledge of software security.
  • Experience with security frameworks (OWASP, MITRE, NIST), testing tools (SAST/DAST/SCA), scripting (Python, Java, Bash, PowerShell), and DevOps/CI-CD tooling (Git, Jenkins, Docker/Kubernetes)
  • Solid understanding of secure development and coding practices
  • Comfortable working cross-functionally with Security, Dev, and Engineering teams
  • Strong communicator, able to translate technical concepts for any audience
  • Self-directed, detail-oriented, and a sharp problem-solver


Compensation:

Global Relay advertises the pay range for this role in compliance with British Columbia's pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background.

The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program.

For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team!

British Columbia - Base salary range

$125,000-$160,000 CAD

What you can expect:

At Global Relay, there's no ceiling to what you can achieve. It's the land of opportunity for the energetic, the intelligent, the driven. You'll receive the mentoring, coaching, and support you need to reach your career goals. You'll be part of a culture that breeds creativity and rewards perseverance and hard work. And you'll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Similar Jobs

More Jobs at Global Relay

More Information Technology Jobs

Find similar Principal Application Security Specialist jobs: