
Senior Application Security Specialist

Hybrid
  • Montréal, Quebec, Canada
Infrastructure and IT

Job description

Petal is a leading Canadian healthcare orchestration and billing company that revolutionizes healthcare systems to make them agile, efficient, and resilient by enabling the forecasting and shaping of world-class healthcare through Healthcare BI, advanced analytics, and informed insights.


Our commitment to fostering an exceptional workplace culture has earned us notable recognitions, including being listed as a Great Place to Work in both the technology and healthcare sectors. Join us in our mission to empower healthcare innovators and improve healthcare differently.


What you can expect when joining the team

As a Senior Application Security Specialist at Petal, you will play an important role in helping to protect the security of our customers' information in our applications. Your role will also be vital in promoting a security by design mindset throughout the organization.


We are seeking a candidate who combines in-depth knowledge of security practices with a sharp ability to effectively transmit this knowledge. Your efforts will be essential in integrating a robust security culture at the core of our company. Your role will not only involve teaching security but also transforming our mindset and approach to security in our daily operations.


Your daily life

On a typical day, you will:

  • Play a crucial role in building a strong security culture within Petal, emphasizing the importance of security in all aspects of our work, notably through initiatives such as our Security Champions program or our practice communities;
  • Work closely with development teams to understand their current security training needs to create engaging and diverse educational content that caters to different learning preferences, ensuring that all development team members understand and apply security principles;
  • Stay informed about the latest security threats, trends, and technologies to keep our security strategies as well as our training materials up to date with best practices;
  • Understand software security needs by closely collaborating with stakeholders to identify specific security requirements;
  • Participate in the design of our applications by integrating security mechanisms from the outset. This may include defining secure architecture, designing access controls, managing identities, and considering encryption mechanisms;
  • Oversee vulnerability management in our application code and ensure that vulnerabilities are addressed by our teams within specified timelines;
  • Ensure that sensitive data is properly protected, using encryption techniques, key management policies, and ensuring data confidentiality and integrity;
  • Participate in security incident response when necessary;
  • Contribute to the evolution of our SDLC, our application security policy, as well as the processes/procedures that support them;
  • Collaborate and serve as a bridge between the compliance team and our developers, especially during audits;
  • Identify and assess potential security risks in existing and new applications. This may include conducting risk analyses, security audits, and code reviews to detect vulnerabilities;
  • Effectively communicate with other team members, write reports on vulnerabilities, and raise awareness of the importance of security.

Job requirements

Your profile

Are you a senior security expert known for your ability to design and implement robust application protection solutions? Are you seeking an opportunity to leverage your skills and experience to make a real difference? The sky is the limit! If you have:

  • A bachelor's degree in Computer Science, Software Engineering, Computer Security, or a related field - a master's degree in computer security is an asset;
  • A minimum of 5 years of experience in application security and at least 7 years of experience in IT;
  • Excellent communication and presentation skills, with the ability to explain complex security concepts to both technical and non-technical audiences;
  • A thorough understanding of modern web application vulnerabilities and their remediation (OWASP Top 10, CWE Top 25);
  • The ability to quickly learn and teach various security topics such as threat modeling, shifting left, cloud security, etc.;
  • The ability to demonstrate that a vulnerability is technically exploitable through a proof of concept (PoC);
  • Experience in software development in the healthcare domain, knowledge of FHIR, HL7 as well as familiarity with common security frameworks such as ISO 27001, NIST, OWASP, etc.;
  • A deep understanding of computer security principles (common vulnerabilities, attack techniques, and best security practices);
  • Good knowledge of security tools such as vulnerability scanners, intrusion detection tools, etc.;
  • Strong attention to detail and solid analytical, organizational, and task management skills;
  • Experience in secure development (secure development practices, penetration testing, and application auditing to identify and resolve vulnerabilities) (strong asset);
  • Security certifications (CISSP/CSSLP/CCSP/OSCP, etc.) (asset);
  • Since you will be regularly interacting with English-speaking colleagues and suppliers located outside of Québec, advanced proficiency in both English and French (spoken, written, and read) is preferable.


Petal’s position on remote working

In our opinion, a company cannot claim to be modern, innovative and have the well-being of their team at heart, without attempting to integrate remote working to the level that their business model allows them to. Post-pandemic, Petal employees will continue to benefit from the option of teleworking up to the maximum flexibility permitted by the nature of the position and the smooth running of operations.


Our benefits

  • A signing bonus of $1,000 for your remote work set-up;
  • Compensation that recognizes your contribution;
  • 4 to 6 weeks of paid vacation per year;
  • 5 paid personal days per year;
  • A group RRSP / DPSP plan with employer contribution;
  • A complete group insurance plan, from day 1;
  • An annual wellness allowance;
  • Access to the Dialogue™ telehealth application;
  • Flexible work hours and more.


Petal is an active participant in the equal opportunity employment program, and members of the following target groups are encouraged to apply: women, people with disabilities, aboriginal peoples and visible minorities. If you are a person with a disability, assistance with the screening and selection process is available on request.
