Senior Defensive Security Advisor at Desjardins identifying and mitigating threats across systems and networks. Leading complex initiatives and collaborating with stakeholders for effective security posture.
About the role
- Own the vision, strategy, and roadmap for the Application Security program enterprise-wide.
- Build, mentor, and lead a team of AppSec engineers and specialists.
- Define program objectives, performance metrics, and KPIs to measure and report success.
- Advocate for application security at all levels of the organization, from developers to executives.
- Collaborate with software engineering teams to integrate security controls, best practices, and policies throughout the SDLC.
- Promote a "security by design" culture by coaching and mentoring developers on secure coding practices.
- Support threat modeling, secure code reviews, and security architecture discussions.
- Implement, configure, and maintain application security tooling (SAST, DAST, SCA, IaC scanning, API security, container security).
- Integrate security checks into CI/CD pipelines using GitHub and other platforms.
- Evaluate emerging technologies and recommend tools that enhance automation and scalability.
- Partner with SOC analysts to investigate application-layer alerts, incidents, and vulnerabilities.
- Track and report key security metrics, including vulnerability remediation timelines, pipeline coverage, and compliance with policies.
- Provide executive reporting and actionable insights on AppSec maturity and risk reduction progress.
Requirements
- Proven ability to design, lead, and scale an enterprise application security program.
- Strong understanding of secure software development, OWASP Top 10, threat modeling, and vulnerability management.
- Experience partnering with development organizations to secure agile/DevOps pipelines.
- Hands-on familiarity with security tooling (SAST, DAST, SCA, IaC, container security) and integrating with source code management (GitHub/GitLab, etc.).
- Excellent communication, leadership, and stakeholder management skills.
- Ability to lead through influence and establish a strong security culture across multiple technology teams.
- 5+ years of professional experience in information security with a focus on application security, 2+ years in a leadership role desired.
- Previous experience as a developer or working closely with software development teams is strongly preferred.
- Certifications such as CSSLP, GWAPT, GWEB, CSSLP, OSWE, or other relevant industry credentials are a plus.
- Proven experience leading security initiatives at scale in enterprise environments, ideally within financial services or other highly regulated industries.
- Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.
Benefits
- Competitive compensation
- Generous vacation policy, paid holidays, and paid sick time
- Medical Insurance, Dental Insurance, and Vision Insurance (employee-paid)
- Company-paid Short-Term and Long-Term Disability Insurance
- Company-paid Group Life insurance
- Company-paid Employee Assistance Program (EAP) and Calm App subscription
- Employee-paid Pet Insurance and optional supplemental insurance coverage
- Vested 401(k) with company match and financial wellness programs
- Flexible Spending Account (FSA), Health Savings Account (HSA) and commuter benefits options
- Paid maternity leave, paid paternity leave, and fertility benefits
- Career growth and learning opportunities
- …and so much more!
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Life and health insurance financial security advisor serving clients by providing advice and maintaining business relationships. Focused on sales of insurance products and services based on client needs.
CE
Care New EnglandDirector, Security
Director of Security overseeing all safety and security operations for Women & Infants Hospital. Responsible for deterring crime, protecting premises, and managing transport services.
Responsable Pôle Sécurité Médiation Fraude managing security operations for public transport services in Metz. Ensuring safety and compliance while optimizing fraud prevention strategies.
RB
Cyber Security Engineer at Regions focusing on cloud and infrastructure security. Designs and implements cybersecurity solutions while providing technical support and guidance.
CA
Capital.comIAM Security Engineer
IAM Security Engineer focusing on identity and access management automation in a dynamic digital assets company. Contributing to scaling IAM infrastructure through automated solutions and secure user lifecycle management.
FC
Ford Motor CompanySecurity Systems Data Integration Specialist
Data Analyst joining Ford's team to focus on security technologies and data integration. Responsible for improving data operations across global infrastructure and complex requests.
FC
Ford Motor CompanyMobile App Product Manager, Vehicle Security
Digital Product Manager at Ford creating connected vehicle experiences through integrated hardware and software solutions. Collaborating with teams to enhance customer experience through new digital products.
Cybersecurity Engineer implementing Zero Trust Reference Architecture solutions at Mythics. Deploying and maintaining Forescout platform within secure environments.
WA
WattpadSecurity Governance Manager
Security Governance Manager at WEBTOON responsible for IT and Security governance framework. Collaborating with Legal, Product, and Engineering teams in Los Angeles headquarters.