Senior Application Security Engineer

Want more jobs like this?

Get jobs in Toronto, Canada delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

What You'll Be Doing

• Collaborate with stakeholders across the organization to drive application security maturity
• Perform application security testing,  code reviews, to identify and evaluate security vulnerabilities in applications, APIs
• Establish secure software development practices that make security an important piece of the SDLC pie
• Build security tooling and automations to scale the engineering team’s security practices
• Develop and maintain application security standards and provide guidance to software engineering teams
• Participate in incident response activities as needed including supporting engineering teams incident remediation efforts 
• Perform threat modeling and security architecture reviews to identify potential security risks and integrate security early in the development process.
• Be actively involved in Relay’s application security vulnerability management program, triaging and prioritizing vulnerabilities from application security tooling, vulnerability disclosure program, manual testing results
• Champion developer education initiatives on all things application security, while being an advocate for all things AppSec and Security at Relay. Tell us how you would reduce risk!

Who You Are

• You have 5+ years of experience in Application Security engineering,  application security penetration testing, developing and implementing changes. We are looking for builders: incremental changes or major initiatives.
• You're familiar with our tech stack: Node.js, GitHub (repositories and actions), AWS, HackerOne.
• You are experienced with programming languages such as JavaScript, Python, etc. 
• You have a deep understanding of application security concepts.
• You have done some presentations about security subjects/participated in CTFs
• You're automation-driven. Think small teams, high impact: tell us how to leverage systems to accelerate our velocity.
• You're self driven to improve security across the core product of the organization
• You're curious. The AppSec and security landscape isn’t static, and neither should you be!
• You're a team player. Our team is small and mighty, and we collaborate constantly - we want someone who is always willing to pitch in and isn’t afraid to ask for help.

Bonus Points

• Show us your home lab! We have Ubiquity gears everywhere and we like to geek-out on our k8s clusters that control in-house experience. Show us CVE, conference talks, etc. 
• Even when it seems impossible to identify security vulnerabilities, you understand and persevere knowing there is something lurking
• You’ve joined a company at its early stages and have seen it through scale
• You have experience working in a fintech startup


Research shows that women-identifying and other marginalized individuals tend to only apply when they meet 100% of the qualifications; if you don't have all the listed qualifications, we encourage you to apply anyway!

Our Commitment To You

• Competitive salary and meaningful equity: every team member gets a piece of the pie.
• Comprehensive health benefits: we offer full health benefits + an HSA/WSA starting from day 1 so you get the coverage you need.
• Considerable vacation/end-of-year holiday shutdown: we take time off to reset and recharge so we come back better for our customers.
• Hybrid work environment: we love collaborating and connecting in the office two times a week and offer catered lunches and a snack/beverage program for the days we’re in office. Don’t forget to bring in your furry friends!
• Personal and professional growth: support from leaders who care about your growth and success through regular feedback and coaching. Our goal is to make Relay a step-change career opportunity.
• Top-tier equipment: we’ll make sure you have everything you need to produce your best work.
• Team-first culture: we’re passionate about working collaboratively, bonding through team events, and most importantly having fun.

The Interview Process

• Stage 1: A 30-minute Google Meet video call with a member of the Talent Team
• Stage 2: A 45-minute experience deep dive interview with the Engineering Manager, Application Security
• Stage 3: A 1-hour live technical assessment via Google Meet with a member of the trust team and the engineering team
• Stage 4: A 30-minute Google Meet video call with a member of the executive team at Relay Financial