Content Security Researcher – Application Security
Open to candidates across Canada
Applications have closed
Security Compass
Security Compass is a cybersecurity company that offers professional advisory services, training, and balanced development through SD Elements. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory...
We at Security Compass are on a mission to create a world where we can trust technology by enabling organizations to shift left and build secure applications by design. Our flagship product, SD Elements, helps organizations to reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. This, combined with our industry-leading e-Learning offerings, allows us to support our customers in accelerating software time-to-market without sacrificing security.
As a Content Security Researcher – Application Security, you’ll be reporting to the Lead, Security Research. You should have a solid understanding of the software development lifecycle and cybersecurity, and familiarity with critical application security vulnerabilities such as the OWASP Top 10. This position is ideal for practitioners with a passion for software security who are looking to work within a content research team, or developers who want to help influence other developers in software security.
You will have a chance to positively impact nearly every part of the world's digital infrastructure by helping shape secure software development for our clients: the world's largest financial services, software, healthcare, telecom, technology, media, and industrial control system companies.
What you’ll do
- Stay up-to-date with the latest software security vulnerabilities, protection mechanisms, and related compliance standards
- Develop security content for a broad range of application types that include web, mobile, client/server, desktop, and embedded software
- Work with AppSec experts on building secure coding samples in a variety of languages
- Transform compliance regulations and standards into actionable tasks that can be easily consumed by software developers, dev managers, and DevOps engineers; align and match the mandates of those regulations and standards to existing security controls
- Develop security content for the most recent vulnerabilities and attacks; analyze and improve existing security content
- Technical writing and editing; develop security content using style guides that target technical and non-technical audiences; ensure that security content follows a logical structure, is easy to understand, and is easy to act on
- Develop security and compliance training courses and JITT (Just In Time Training) modules
- Develop Python scripts to automate day-to-day workflows and processes
- Provide subject-matter expertise as a service
What you’ll need to succeed
- A passion to help developers code securely, as well as to learn and teach how to build and deploy secure software
- 3-5 years of industry experience or related graduate level
- Knowledge of the principles of secure coding, common application security vulnerabilities (e.g., OWASP Top 10) and verification standards (such as ASVS)
- Solid understanding of the concepts of software development, including the software development lifecycle (Waterfall and Agile), DevOps processes (CI/CD), Cloud computing, DevSecOps (Cloud and Container technologies), and AppSec (Web and Mobile)
- Familiarity with some of the major security and privacy compliance standards/regulations such as ISO 27000, NIST 800-53, GDPR
- Experience with modern programming languages such as Java, C#, Python, JavaScript, Dart or any other desktop or mobile application development languages
- Strong written communication skills and a desire to do technical writing
- Time management, multitasking, and prioritization skills to work in a fast-paced, agile environment
Nice to have:
- Security or privacy certifications (such as CISSP, CEH, Security+, CIPP, or similar)
- Hands-on experience in Cloud and Container security
Why Security Compass?
- Meaningful Work. We contribute towards making technology in the world more secure and our vision is one of a world where we can trust technology.
- Trust. It’s important to us that you trust those you work with and are empowered to be yourself. To build this trust and transparency, we encourage open, respectful communication.
- Innovation. We encourage you to explore ideas and test new theories, both in your work and your passion projects. We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing.
- Growth. We make your growth and learning a priority by allocating a dedicated learning & growth budget to all our employees. We give our team members tools and support to be the drivers of their careers and encourage knowledge sharing.
- Life-Work Integration. We create an environment where you can integrate your work with life in a way that makes sense for you with our hybrid or remote working model, flexible work hours, and unlimited vacation!
- Fun. We could not have good culture without good fun, and we don’t underestimate its importance. Our casual atmosphere promotes camaraderie and fun and helps bring people together.
- Embracing Diversity, Inclusion and Equity. We speak up for inclusion and celebrate diversity in thought. Our goal is to create a safe, equitable workplace where everyone feels like they belong.
Security Compass is an equal opportunity employer. We are committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require any accommodation, please inform hr@securitycompass.com so that an inclusive and barrier-free process can be provided for candidates taking part in all aspects of the hiring process. All information provided will be addressed confidentially.
Tags: Agile Application security C CEH CI/CD CIPP CISSP Cloud Compliance DevOps DevSecOps GDPR Industrial ISO 27000 Java JavaScript NIST OWASP Privacy Python Vulnerabilities
Perks/benefits: Career development Equity Flex hours Flex vacation Startup environment Unlimited paid time off