Senior Application Security Engineer
Toronto, ON
Relay Financial
Relay (Relay Financial), is an all-in-one business banking and money management platform helping businesses understand what they're earning, spending & saving.Relay is entering an exciting new chapter of growth and we’re looking for a Senior Application Security Engineer to join our Trust team. Your love of making and contributing to high-impact decisions daily and desire to help shape the future of Relay is going to be crucial. The team’s vision is “Protecting the cathedral while enabling the bazaar” - quite a challenge in a fintech business. This is an opportunity to get in at ground level and help evolve our security posture as we grow.
Our Senior Application Security Engineer will be required to work from our downtown Toronto office (2-days per week).
What You'll Be Doing
- Collaborate with stakeholders across the organization to drive application security maturity
- Perform application security testing, code reviews, to identify and evaluate security vulnerabilities in applications, APIs
- Establish secure software development practices that make security an important piece of the SDLC pie
- Build security tooling and automations to scale the engineering team’s security practices
- Develop and maintain application security standards and provide guidance to software engineering teams
- Participate in incident response activities as needed including supporting engineering teams incident remediation efforts
- Perform threat modeling and security architecture reviews to identify potential security risks and integrate security early in the development process.
- Be actively involved in Relay’s application security vulnerability management program, triaging and prioritizing vulnerabilities from application security tooling, vulnerability disclosure program, manual testing results
- Champion developer education initiatives on all things application security, while being an advocate for all things AppSec and Security at Relay. Tell us how you would reduce risk!
Who You Are
- You have 5+ years of experience in Application Security engineering, application security penetration testing, developing and implementing changes. We are looking for builders: incremental changes or major initiatives.
- You're familiar with our tech stack: Node.js, GitHub (repositories and actions), AWS, HackerOne.
- You are experienced with programming languages such as JavaScript, Python, etc.
- You have a deep understanding of application security concepts.
- You have done some presentations about security subjects/participated in CTFs
- You're automation-driven. Think small teams, high impact: tell us how to leverage systems to accelerate our velocity.
- You're self driven to improve security across the core product of the organization
- You're curious. The AppSec and security landscape isn’t static, and neither should you be!
- You're a team player. Our team is small and mighty, and we collaborate constantly - we want someone who is always willing to pitch in and isn’t afraid to ask for help.
Bonus Points
- Show us your home lab! We have Ubiquity gears everywhere and we like to geek-out on our k8s clusters that control in-house experience. Show us CVE, conference talks, etc.
- Even when it seems impossible to identify security vulnerabilities, you understand and persevere knowing there is something lurking
- You’ve joined a company at its early stages and have seen it through scale
- You have experience working in a fintech startup
Research shows that women-identifying and other marginalized individuals tend to only apply when they meet 100% of the qualifications; if you don't have all the listed qualifications, we encourage you to apply anyway!
Our Commitment To You
- Competitive salary and meaningful equity: every team member gets a piece of the pie.
- Comprehensive health benefits: we offer full health benefits + an HSA/WSA starting from day 1 so you get the coverage you need.
- Considerable vacation/end-of-year holiday shutdown: we take time off to reset and recharge so we come back better for our customers.
- Hybrid work environment: we love collaborating and connecting in the office two times a week and offer catered lunches and a snack/beverage program for the days we’re in office. Don’t forget to bring in your furry friends!
- Personal and professional growth: support from leaders who care about your growth and success through regular feedback and coaching. Our goal is to make Relay a step-change career opportunity.
- Top-tier equipment: we’ll make sure you have everything you need to produce your best work.
- Team-first culture: we’re passionate about working collaboratively, bonding through team events, and most importantly having fun.
The Interview Process
- Stage 1: A 30-minute Google Meett video call with a member of the Talent Team
- Stage 2: A 45-minute experience deep dive interview with the Engineering Manager, Application Security
- Stage 3: A 1-hour Google Meet case study presentation with a member of the trust team and the engineering team
- Stage 4: A 30-minute Google Meet video call with a member of the executive team at Relay Financial
At Relay, we believe that diversity is key to building high-performing teams, and creating an inclusive work environment is our priority. We are an equal-opportunity employer and we welcome people of diverse backgrounds, perspectives, and skills.
We will work with applicants to provide accommodations at any stage of the hiring process. If you require accommodations during the interview process, please email your People Team contact, and we will work with you to meet your needs.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Automation AWS Banking Finance FinTech GitHub Incident response JavaScript Kubernetes Node.js Pentesting Python SDLC Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Equity / stock options Flex vacation Gear Health care Lunch / meals Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cyber Security Architect jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs