Job Description
About the job
Security Enablement & Engagement Specialist (Application Security / Cloud)
Location: Hybrid – Toronto, ON (44 King Street W – typically 2–4 days onsite per week)
Duration: 6 months (strong possibility of extension or conversion)
Schedule: Monday–Friday, 9:00 AM–5:00 PM (37.5 hrs/week)
Positions Available: 2
Overview
We are seeking experienced Security Enablement & Engagement Specialists to join a leading financial institution’s Cloud & Platform Engineering team. The successful candidates will play a key role in integrating Application Security (AppSec) and Cloud Native Application Protection Platform (CNAPP) controls into software development and release management processes. These roles support enterprise-level security initiatives, with one position focused on Cyber Risk and the other on the Cloud Acceleration Program.
Key Responsibilities
Collaborate with development, engineering, DevOps, and application security teams to embed AppSec practices across the release management lifecycle.
Contribute to the design and implementation of AppSec gating controls and ensure alignment with enterprise release management standards.
Conduct gap analyses and recommend improvements to strengthen application and cloud security processes.
Gather and document security requirements in collaboration with stakeholders and AppSec engineers.
Ensure that security testing (SAST, DAST, SCA) is embedded into CI/CD pipelines.
Develop executive-level dashboards and reports on application security posture.
Lead communication, awareness, and training initiatives for security enablement across CIO and development teams.
Support the rollout of security tools and foster adoption through documentation, education, and engagement.
Must-Have Skills
10+ years of experience in IT, with a focus on Application Security or Release Management.
3+ years’ experience as an Application Security Analyst, including integration and automation of security controls, risk assessment, and mitigation.
2+ years’ hands-on experience with SAST, DAST, SCA, or MAST within the Secure Software Development Lifecycle (SSDLC).
Proven experience building executive dashboards and reports highlighting security metrics.
Demonstrated experience designing and delivering training programs or enablement sessions for technical and non-technical teams.
Nice-to-Have Skills
Familiarity with CI/CD tools such as Bitbucket, GitHub, Jenkins, Azure DevOps, JFrog Artifactory, or GitLab.
Experience using Power BI, Excel, or similar platforms for reporting.
Scripting or programming knowledge (Python preferred).
CISSP or other recognized security certifications.