OT Cybersecurity Consulting Director at Marsh leading cyber risk assessments and consulting projects across Canada and other regions. Requires strong technical knowledge and client relationship building.
About the role
- Application Security Manager leading DevSecOps function at Corebridge Financial. Overseeing secure software development practices and team management for application security initiatives.
Responsibilities
- Lead the application security program with a focus on securing CI/CD pipelines, cloud-native apps, and microservices.
- Manage a team of DevSecOps engineers and security champions across development squads.
- Develop and implement scalable security tooling, static and dynamic code analysis software composition, and Software Bill of Material.
- Integrate AI and machine learning tools for threat modeling, code analysis, and anomaly detection.
- Collaborate with development, infrastructure, and product teams to ensure secure architecture and coding practices.
- Establish AppSec policies, threat modeling frameworks, and secure coding guidelines.
- Build metrics and reporting to track the effectiveness of AppSec initiatives and risk posture.
- Evaluate and implement AI-based AppSec tools and integrations within the DevSecOps toolchain.
- Lead incident response and secure code review processes for critical applications.
- Act as the primary point of contact for application security audits and compliance initiatives.
Requirements
- 7+ years of experience in application security, including 2+ years managing security teams.
- Strong knowledge of secure coding practices in modern languages (e.g., Python, Java, JavaScript, Go).
- Experience deploying and managing AppSec tools such as SAST, DAST, SCA, IaC scanners, Application Security Posture Management (ASPM) and secrets detection tools.
- Hands-on experience in CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
- Solid understanding of cloud-native architectures (AWS/GCP/Azure), containers (Docker), and orchestration (Kubernetes).
- Experience with Infrastructure-as-Code (e.g., Terraform, CloudFormation) and securing DevOps pipelines.
- Familiarity with AI-driven AppSec tools for vulnerability management, threat detection, and LLM-assisted secure code review.
- Experience with LLMs (e.g., OpenAI GPT, Gemini) for code analysis, threat modeling, secure coding guidance or vibe coding.
- Understanding of prompt engineering, model fine-tuning, or integrating AI APIs into security workflows.
- Bonus: Experience in AI security (e.g., adversarial ML, model poisoning, AI system threat modeling).
- Bonus: Experience in SAP Security, code review, vulnerability management, and threat monitoring.
- Bachelor’s degree in a relevant field or proven record of experience in Information Technology and Cyber Security roles.
- Certifications: OSCP – Offensive Security Certified Professional (Required or strong preference) GWAPT - GIAC Web Application Penetration Tester OSWE – Offensive Security Web Expert (Preferred) CISSP – Certified Information Systems Security Professional (Preferred) GPEN – GIAC Penetration Tester (Preferred) AI/ML Certifications – e.g., Microsoft AI-102, Google Cloud ML Engineer, or similar (Bonus)
Benefits
- Health and Wellness: We offer a range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives to promote overall well-being.
- Retirement Savings: We offer retirement benefits options, which vary by location. In the U.S., our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
- Employee Assistance Program: Confidential counseling services and resources are available to all employees.
- Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1, up to $5,000.
- Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work.
- Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Senior Cyber Security Consultant delivering high - impact cybersecurity solutions to clients in various industries in Montreal. Collaborating closely with project managers and guiding junior consultants.
Consultant technique pour Microsoft 365 Security à Ingram Micro, impliqué dans le support avant - vente et le déploiement des solutions cloud Microsoft.
Specialist in Information Security at IESO ensuring security for Ontario's electricity system. Responsibilities include monitoring access logs, delivering security programs, and investigating breaches.
Partner Sales Specialist focusing on enabling partners to sell Microsoft Security solutions. Collaborating with teams to activate partners for effective sales across their customer base.
Cybersecurity Engineer enhancing enterprise security posture at GDIT. Designing secure identity controls and managing authentication solutions for Microsoft environments.
Activity Security Representative providing multi - disciplined security support for a customer’s facility at GDIT. Role involves ensuring security protocols and maintaining documentation for classified materials.
Information Security Officer developing risk management systems and collaborating with stakeholders for a tech company. Working on information assets and engineering teams in a hybrid working environment.
Security Lead managing GSA cloud applications security architecture. Collaborating with teams to ensure compliance with federal security standards and best practices.
Security Officer providing safety and security services in East Valley locations for Banner Health. Involves emergency response, patrols, alarm monitoring, and writing reports.