Application Security Lead
Application Security Lead
Location: Toronto, ON, Hybrid, 3 days on-site per week, mandatory
Language: English, fluent written and verbal communication required
Background Check Requirement: Criminal background check required
About the Opportunity
This organization plays a critical role in protecting Canada’s digital financial ecosystem, supporting secure payments, identity services, and fraud prevention at national scale. The work here directly impacts millions of Canadians every day and helps safeguard essential financial infrastructure.
You’ll join the Cybersecurity function as an Application Security Lead, reporting into Threat and Vulnerability Management. This is a net-new, high-visibility role where you’ll build and shape the application security practice from the ground up. Working closely with product and engineering teams, you’ll embed security into how products are designed, built, and delivered across the organization.
What’s In It for You
This is an opportunity to own something meaningful. You’ll have real influence, autonomy, and visibility, with the chance to define standards, processes, and tooling rather than inherit them. The environment values curiosity, learning, and outcomes over rigid checklists, offering room to grow while working on security challenges that genuinely matter.
Your Responsibilities
You’ll build and lead the application security practice, defining standards, best practices, and processes.
In this role, you’ll embed security directly within development teams and product workflows.
You’ll integrate application security into DevSecOps and the Secure Software Development Life Cycle.
You’ll perform threat modelling, design reviews, and risk assessments for new and existing products.
You’ll oversee code reviews, automated testing, and application penetration testing activities.
You’ll define, track, and report on actionable application security KPIs and KRIs.
You’ll collaborate closely with incident response, vulnerability management, and cloud security partners.
You’ll help evaluate, recommend, and evolve application security tooling over time.
Skills and Qualifications
5–7 years of experience in application security or a closely related field.
Strong technical foundation, ideally from a development-first background.
Hands-on experience with DevSecOps, SSDLC frameworks, and secure coding practices.
Experience with SAST, DAST, or SCA tools such as Veracode, Snyk, SonarQube, or Burp Suite.
Proficiency in common development languages such as Java, JavaScript, or Python.
Strong understanding of OWASP, NIST, and ISO 27001 principles.
Ability to clearly explain security decisions and influence technical and non-technical stakeholders.
Certifications such as CISSP, CSSLP, or OSCP are considered an asset, not a requirement.
Note from the Hiring Manager
“We’re looking for someone who leads by doing, can influence teams through action, and enjoys building something meaningful rather than inheriting a finished program.”
Why Partner with Altis
If you’ve never worked with a staffing agency before, we make it easy. We work with top employers across Canada who have great jobs to fill, each vetted and verified by our team. When you apply for a job with Altis, we get to know you as a candidate and learn what your strengths are. Then, if you’re a solid match, we handle all the logistics, advocating for you as a candidate for the role, providing access to coaching and connecting you directly with the hiring manager. And rest assured, all our services are free of cost for candidates.
We appreciate the time and effort all applicants invest in their submissions. Please note that only candidates shortlisted for this role will be contacted directly. However, your profile will remain under consideration for future opportunities that align with your experience and career goals. All qualified applicants will receive fair consideration for employment. We welcome individuals of all backgrounds, experiences, and identities including those who identify as women, members of racialized groups, Indigenous Peoples, persons with disabilities, and 2SLGBTQIA+ communities. If you require an accommodation, please review our accessibility policy and reach out to our accessibility officer with any questions. Our human recruiters review all applications and always make the final hiring decision. On occasion, we also use AI-assisted tools to help review applications.
Similar Jobs
