Senior Security Engineer
Toronto, Canada
Applications have closed
FreshBooks
The best cloud based small business accounting software. Send invoices, track time, manage receipts, expenses, and accept credit cards. Free 30-day trial.FreshBooks has a big vision. We launched in 2003 but we’re just getting started and there’s a lot left to do. We're a high performing team working towards a common goal: building an elite online accounting application to help small businesses better handle their finances. Known for extraordinary customer service and based in Toronto, Canada, FreshBooks serves paying customers in over 120 countries.
The Opportunity – Senior Application Security Engineer
FreshBooks Product Security Team is looking for an Application Security Engineer to help validate that our microservices, applications, and websites are designed and implemented to the highest security standards.
You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will participate in secure architecture reviews, perform threat modeling, test security of applications & services, review source code, and maintain security tests in the SDLC.
Responsibilities:
- Work as an internal security consultant to help [feature/product] engineering teams understand the security risk and advise them on best practices
- Perform threat modeling for any new or existing applications and services
- Run periodic application security assessment and write a report for internal and external use
- Review source code of applications and services for vulnerabilities when required
- Stay on top of Vulnerability management and patch management
- Support our responsible disclosure program
- Security training and outreach to product development teams
- Participate in on-call rotation and lead security incident response
- Improve and Maintain static and dynamic application security tests in CICD pipeline
- Perform proactive research to detect new attack vectors and pentest internal and external apps
- Develop security tools and security metrics
- Design, architect, and implement defensive security controls across services
Basic Qualification:
- Minimum 3-5 years of experience in threat modeling, secure software development
- You have a deep understanding of how the network and web protocols such as TCP, UDP, HTTP, HTTPS, DNS, routing and IPSEC work
- You have a knack for finding flaws in software and can efficiently communicate how to fix them
- You have experience in working with microservices architecture supporting mobile and web clients
- You have knowledge of cryptography and data security standards
- You have knowledge of security frameworks such as SAML, OpenID, OAuth, etc.
- You have a deep understanding of Kubernetes, Jenkins, Terraform, Ansible, etc.
- You must have experience with scripting languages such as Python/Ruby/Perl/Bash
- You are well versed with OWASP Web Top 10 and Mobile Top 10 and SANS 25
- You are self-driven to keep things moving forward even in the face of ambiguity and imperfect knowledge
Bonus:
- Have participated in bug bounty programs or CTFs
- Have been a speaker at a security conference or a contributor in the security community
- Have security certifications such as OSWE, GWEB, CREST-CWAT
- Have cloud security certifications such as Google Professional Cloud Security Engineer, AWS certified security specialty
Why Join Us
We're a motivated bunch, with our eyes laser-focused on shipping extraordinary experiences to businesses. You will be surrounded by hardworking team members who share a common vision for what an amazing software company could be, and have the opportunity to help build an elite one, right here in downtown Toronto.
Apply Now
Have we got your attention? Submit your application today and a member of our recruitment team will be in touch with you shortly!
FreshBooks is an equal opportunity employer. We do not discriminate based on gender, religion, race, mental disability, sexual orientation, age, or any other status. All applicants are considered based on their qualifications and merits. At FreshBooks, we inspire an environment of mutual respect and we believe diversity and inclusion are crucial to our success.
FreshBooks provides employment accommodation during the recruitment process. Should you require any accommodation, please indicate this on your application and we will work with you to meet your accessibility needs. For any questions, suggestions or required documents regarding accessibility in a different format, please contact us at phone 416-780-2700 and/or accessibility@freshbooks.com.
Tags: Ansible Application security Automation AWS Bash Cloud CREST Cryptography DNS Incident response Kubernetes Microservices OpenID OSWE OWASP Perl Product security Python Ruby SAML SANS Scripting SDLC Security assessment Terraform Vulnerabilities Vulnerability management
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs