Application Security Engineer
At CoLab, we help engineering teams bring life-changing products to the world years sooner. Our product, CoLab, is the world’s first Design Engagement System (DES) - a category-defining product that engineering teams use to engage in meaningful, productive design conversations, catch preventable mistakes, and get to market faster. Our customers include the largest engineering organizations in the world such as Ford, Johnson Controls, Komatsu, and Polaris in the industrial equipment, consumer products, automotive, aerospace & defense, and shipbuilding industries.
As a Security Engineer you will work closely with product development teams to ensure security is a focus across all stages of our software development lifecycle. You will perform penetration tests, conduct security reviews, provide remediation guidance and continuously evolve our application security culture. Your work will be critical in ensuring what we build meets the highest security bar, protecting our customers and maintaining their trust.
What you’ll do:
- Conduct frequent web app and integration penetration tests to identify vulnerabilities. Provide recommendations on architectural and code changes to mitigate findings.
- Work as a core member of multiple development teams to review designs, stay updated on implementation changes, build trust, and identify security issues early in development.
- Accurately convey complex risks to engineering, product and technical leadership, partnering with them to prioritize remediation of security issues.
- Work with the Security team to help shape and evolve our application security processes and culture.
- Become an offensive security subject matter expert. Utilize your skills to foresee security vulnerabilities in upcoming features and guide developers on how to avoid these issues.
- Develop and maintain automated security tests to continuously improve security coverage in our CI/CD pipeline.
- Participate in the development and promotion of our internal Application Security resource library, equipping developers with the tools to conduct security audits of their own code.
What you’ll need:
- 2-5 years of professional experience in a development or security role
- Committed to continuous learning and self-improvement. Willing to work towards a technical penetration testing certification such as the OSCP, OSWA or similar.
- Capable of using exceptional problem-solving skills to identify minute technical issues.
- Able to tactfully convey challenging issues and risks to developers and management.
- Able to self-manage and prioritize competing tasks, escalating issues to senior resources as needed.
- A determined individual, capable of persevering when success indicators are not clearly defined.
Success measured by:
- Accurately and effectively evaluating and testing product designs, architecture, and developed features
- Calmly and professionally communicating security bugs and vulnerabilities, as well as design and architecture concerns/risks, to the respective application development and product management teams
- Clear, concise and well-structured verbal and written communications
- Ability to proactively identify and comprehend risk
- Taking ownership and responsibility for their work, their actions and commitment timelines
- Constant proactive improvement of application security processes and guidance
- Maintaining a culture of security awareness across the product development teams, and across the company
The extra details:
- Compensation: This is a full-time, permanent position with an attractive compensation package that includes a stock options package.
- Benefits:
  - Canada: This role offers an extended health and benefits package that includes unlimited paid vacation and RRSP matching.
  - USA: This role offers health and dental insurance (covered at 100% for the employee) and unlimited PTO.
- Remote/Hybrid Work: Our main office location is in St. John’s, NL where we offer hybrid and remote opportunities. This role has the flexibility to work from anywhere within eastern Canada or eastern USA.