Application Security SME
About the role
Job Title: Application Security SME
Location: Toronto, ON
Work Arrangement: Onsite (Hybrid)
Employment Type: Contract
Duration: 12 Months
Domain: BFSI
Pay Rate: CAD 70-75/hour Incorporated
Application Deadline: Jun 30th, 2026
SKILLS REQUIRED
Mandatory Skills:
• Application Security Strategy & Advisory
• Secure SDLC / DevSecOps Enablement
• Architecture Reviews & Threat Modeling
Security Testing & Vulnerability Management
• Lead or support application security assessments, including:
  o Static Application Security Testing (SAST)
  o Dynamic Application Security Testing (DAST)
  o Software Composition Analysis (SCA)
  o API Security Testing
  o Manual security reviews and penetration testing coordination
• Analyze, triage, and prioritize vulnerabilities based on risk and business impact
• Work closely with development teams to track remediation and validate closure of security issues
• Support secure management of open-source components and third-party libraries
Cloud & Modern Application Security
• Provide security guidance for modern application environments, including:
  o Microservices and APIs
  o Containers and Kubernetes
  o Cloud-native applications
  o Serverless and event-driven architectures
• Collaborate with cloud and platform engineering teams to secure application workloads in Azure, AWS, or GCP
Required Qualifications
• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field
• 8+ years of experience in application security, secure software engineering, cybersecurity architecture, or related roles
• Proven experience implementing and managing application security programs in enterprise environments
• Strong understanding of:
  o Secure SDLC / SSDLC
  o DevSecOps principles
  o OWASP Top 10
  o API Security Top 10
  o Common software and web application vulnerabilities
• Hands-on experience with application security testing tools such as:
  o SAST: Checkmarx, Fortify, Veracode, SonarQube
  o DAST: Burp Suite, AppScan, Acunetix
  o SCA: Snyk, Black Duck, Mend/WhiteSource
• Experience in threat modeling methodologies (e.g., STRIDE)
• Strong knowledge of authentication, authorization, encryption, secrets management, and secure design principles
• Experience working with cloud platforms such as Azure, AWS, or GCP
• Strong verbal and written communication skills with ability to work across technical and non-technical stakeholders
Preferred Qualifications
• Experience in highly regulated industries such as Banking, Financial Services, Insurance (BFSI), healthcare, or public sector
• Familiarity with security requirements related to standards/frameworks such as:
  o NIST
  o ISO 27001
  o PCI-DSS
  o SOC 2
  o OSFI guidance (for Canada-based roles)
• Experience with CI/CD platforms such as Azure DevOps, Jenkins, GitHub Actions, or GitLab
• Exposure to container security, Kubernetes security, and cloud workload protection
• Familiarity with red team / blue team collaboration for application-layer attack simulation and response readiness
Preferred Certifications
• CISSP
• CSSLP
• CISM
• CEH / GWAPT / OSCP (nice to have)
• Cloud Security certifications (Azure / AWS / GCP)
Key Skills & Competencies
• Deep expertise in application security architecture and secure development practices
• Strong analytical and problem-solving capabilities
• Ability to influence and partner with engineering teams in a collaborative manner
• Excellent stakeholder management and communication skills
• Strong understanding of balancing security, agility, and business priorities
• Ability to work independently and lead strategic application security initiatives
EEOC Compliance: We are an equal opportunity employer, and all qualified applicants will receive consideration for employment.
DISCLAIMER
AI Usage Policy: Pacer Group uses AI to assist in screening applications. Final hiring decisions are made by human recruiters based on qualifications and experience.