Content Security Researcher – Application Security

Open to candidates across Canada

Security Compass

Security Compass is a cybersecurity company that offers professional advisory services, training, and balanced development through SD Elements. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory...


We at Security Compass are on a mission to create a world where we can trust technology. We’ve developed the industry’s first Balance Development Automation platform, SD Elements, that combines the power of risk assessment with threat modeling and secure coding - all in one powerful platform. This, in combination with our industry-leading e-Learning offerings, allows us to support our customers in mitigating risk and accelerating software time-to-market without sacrificing security.

As a Content Security Researcher – Application Security, you’ll be reporting to the Lead, Security Research. You should have a solid understanding of the software development lifecycle and cybersecurity, and familiarity with critical application security vulnerabilities such as the OWASP Top 10. This position is ideal for practitioners with a passion for software security who are looking to work within a content research team, or developers who want to help influence other developers in software security.

You will have a chance to positively impact nearly every part of the world's digital infrastructure by helping shape secure software development for our clients: the world's largest financial services, software, healthcare, telecom, technology, media, and industrial control system companies.

What you’ll do

  • Stay up-to-date with the latest software security vulnerabilities, protection mechanisms, and related compliance standards 
  • Develop security content for a broad range of application types that include web, mobile, client/server, desktop, and embedded software
  • Work with AppSec experts on building secure coding samples in a variety of languages
  • Transform compliance regulations and standards into actionable tasks that can be easily consumed by software developers, dev managers, and DevOps engineers; align and match the mandates of those regulations and standards to existing security controls
  • Develop security content for the most recent vulnerabilities and attacks; analyze and improve existing security content
  • Technical writing and editing; develop security content using style guides that target technical and non-technical audiences; ensure that security content follows a logical structure, is easy to understand, and is easy to act on
  • Develop security and compliance training courses and JITT (Just In Time Training) modules
  • Develop Python scripts to automate day-to-day workflows and processes
  • Provide subject-matter expertise as a service

What you’ll need to succeed 

  • A passion to help developers code securely, as well as to learn and teach how to build and deploy secure software
  • 3-5 years of industry experience or related graduate level
  • Knowledge of the principles of secure coding, common application security vulnerabilities (e.g., OWASP Top 10) and verification standards (such as ASVS)
  • Solid understanding of the concepts of software development, including the software development lifecycle (Waterfall and Agile), DevOps processes (CI/CD), Cloud computing, DevSecOps (Cloud and Container technologies), and AppSec (Web and Mobile)
  • Familiarity with some of the major security and privacy compliance standards/regulations such as ISO 27000, NIST 800-53, GDPR
  • Experience with modern programming languages such as Java, C#, Python, JavaScript, Dart or any other desktop or mobile application development languages
  • Strong written communication skills and a desire to do technical writing
  • Time management, multitasking, and prioritization skills to work in a fast-paced, agile environment

Nice to have:

  • Security or privacy certifications (such as CISSP, CEH, Security+, CIPP, or similar)
  • Hands-on experience in Cloud and Container security

Why Security Compass?

  • Make a difference.  Our suite of products and services helps make software more secure for our customers, their clients, and the world as a whole.
  • Have a voice.  Be trusted.  Our organizational structure and open communication programs create an environment where employees drive the company’s culture and decisions. 
  • Have fun.  Our social events and games around the office are just a few of the ways we let loose.  We don’t take ourselves too seriously.
  • Universal Acceptance.  Diversity is our differentiator.  We speak up for inclusion.  We respect all forms of intelligence.  
  • Be innovative.  We give dedicated time to focus on passion projects and encourage new ideas in all that we do.  We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing.
  • Grow your career.  We make your growth and learning a priority by giving a dedicated training budget.   We create opportunities to take on new projects in security and beyond.
  • Find balance.  We support work from home, have flexible work hours, and open vacation.


Security Compass is an equal opportunity employer. We are committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require any accommodation, please inform hr@securitycompass.com so that an inclusive and barrier-free process can be provided for candidates taking part in all aspects of the hiring process. All information provided will be addressed confidentially.

 

Tags: Agile Application security Automation C CEH CI/CD CIPP CISSP Cloud Compliance DevOps DevSecOps GDPR Industrial ISO 27000 Java JavaScript NIST OWASP Privacy Python Risk assessment Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Startup environment Team events

Region: Remote/Anywhere
Country: Canada