Senior Application Security Engineer

Montreal

Upgrade Inc.

Posted 1 week ago

Upgrade is a fintech unicorn backed by a top 10 global bank and other leading fintech investors. Founded in 2017, Upgrade has already delivered $3.5 billion in consumer credit and achieved $125 million in annual revenue run rate and cash profitability.
Upgrade is building a neobank offering exceptional value to mainstream consumers, including affordable and responsible credit through cards and loans. In 3 short years 10 million people have already applied for an Upgrade Card or loan.
Upgrade has been named a “Best Place to Work in the Bay Area” by the San Francisco Business Times and Silicon Valley Business Journal 3 years in a row, and received “Best Company for Women” and “Best Company for Diversity” awards from Comparably.
We are looking for new team members who get excited about designing and implementing new and better products to join a team of 350 talented and passionate professionals. Come join us if you like to tackle big problems and make a meaningful difference in people's lives.

Responsibilities:

  • Evaluation of security technology, methodology, and tools to better the software development life cycle.
  • Help train developers and QA personnel to the appropriate level of software security knowledge to perform their responsibilities.
  • Improving and supporting application security tool services including static analysis and dynamic testing tools.
  • Supporting incident response and architecture review processes whenever application security expertise is needed.
  • Managing routine penetration testing services, including both expert consulting and managed services.
  • Providing manual penetration testing and standards gap analysis services to internal business and technology partners.
  • Supporting, improving and maintaining secure development standards and application security framework projects.
  • Supporting vendor management activities to ensure third-party software and development meet security standards.
  • Integrating threat modeling practices into the product development life cycle.
  • Providing security requirements for test driven design to assess control effectiveness.
  • Producing metrics reporting the state of application security programs and performance of development teams against requirements.

Requirements:

  • 2+ years of relevant work experience.
  • Experience with agile development processes and with integrating secure development practices into the model.
  • Experience writing and testing web applications and web services.
  • Familiarity with a variety of development and testing tools.
  • Experience working with one or more SAST, DAST and IAST tools.
  • Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques.
  • Experience with cyber security attacks and mitigation methods (red/blue team experience).
  • Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection.
  • Expertise in employing analytics and threat intelligence techniques; incident response process; software security.
  • IT supply-chain risk management and assurance; cloud security operations.

Benefits/Perks:

  • Downtown office location near Square Victoria.
  • Comprehensive benefits package including medical, dental, & vision.
  • Unlimited vacation policy.
  • Catered lunch every Thursday.
  • Kitchen stocked with beverages, snacks & treats. 
  • In-office game rooms (ping pong, foosball, pool).
  • Monthly social gatherings.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.