Reports To: Development Manager, Engineering & Security
Location: Ideally in the Calgary area; can be remote/hybrid
About the Job: With atVenu's accelerated growth, we need a Senior Application Security Developer to join the team. The successful candidate will be an adept Rails/React developer who enjoys looking backwards, refactoring legacy code to fix vulnerabilities, while keeping an eye towards the future developing new infrastructure features. They will have familiarity with PCI, GDPR, and SOC2 compliance/regulatory standards, and will have a keen interest in staying abreast of emerging security threats. They will be considered a subject matter expert in the field of software security and will be motivated to work collaboratively across teams, raising overall awareness of software security on a busy engineering team. Experience leveraging AI tools in software engineering and security would be nice to have.
Help shape our maturing security vulnerability management program, in support of our PCI DSS and SOC2 security compliance obligations
Participate in vulnerability assessments, security audits, penetration tests and manual inspection
Complete security code reviews with the use of scanning tools and manual inspection
Support incident response and architecture review processes when application security expertise in required
Integrate threat modeling practices into the product development life cycle
Review/analyze security logs/reports from a variety of sources; propose/implement recommendations for improvement
Conduct real time tactical management of security events in collaboration with compliance and engineering teams
Create and execute phishing campaigns inclusive of ongoing review/analysis/risk prioritization authentic phishing emails
Support Vendor Management activities to ensure security standards are adhered to
What You'll Bring:
8+ years of developer experience, with at least 3 of those years specialized in security vulnerability management
Proficiency with Ruby on Rails and React
Proven experience in mobile application development (IOS/Android)
Direct experience with enterprise server platforms, virtualized technology and cloud operations (AWS, Docker)
Expertise in employing analytics/threat intelligence techniques, incident response process and software security
Deep knowledge of compliance and privacy management across North America and Europe
Experience in the use of development and testing tools iwth strong knowledge of networking security
Excellent communicator capable of explaining vulnerabilities and weaknesses, and discussing effective defensive techniques to technical/non-technical team members
