Mechanical Orchard - Information Security Engineer (Application Security Focus)

Mechanical OrchardRemote - Canada (Remote)3w ago

Upload My Resume

Drop here or click to browse · PDF, DOCX, TXT

Apply in One Click

Requirements

Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field, or equivalent practical experience.
Strong written and verbal communication skills in English.
5+ years of professional experience in information security, with a significant focus on application and cloud security.
Professional software development experience, with hands-on responsibility for designing, building, and maintaining production systems in a language like Python, Go, Java, JavaScript, or similar.
Strong understanding of application security principles: OWASP Top 10, secure authentication/authorization, encryption, API security.
Experience with cloud platforms (AWS, GCP, or Azure) and cloud-native security.
Hands-on experience with CI/CD systems and DevOps practices.
Knowledge of container security and orchestration platforms (Docker, Kubernetes).
Experience implementing security tools like SAST/DAST scanners, dependency checkers, or secrets detection.
Experience with security tools such as Aikido, Snyk, Semgrep, Trivy, Wiz, HashiCorp Vault, or similar.
Collaborative mindset—you build security solutions with engineers, not against them.
Ability to communicate security concepts clearly to technical and non-technical audiences.
Familiarity with Infrastructure-as-Code (Terraform, etc) and policy-as-code tools.
Background supporting compliance frameworks (SOC 2, ISO 27001, FedRAMP, CMMC).
Security certifications (OSCP, OSWE, CEH, CISSP, CSSLP) are a plus.

Build Security into Development: Work alongside engineering teams to integrate security throughout the SDLC; from design reviews and threat modeling to secure coding practices. Conduct security assessments of applications, APIs, and cloud infrastructure. Guide developers on secure authentication, authorization, cryptography, and data protection. Champion security best practices while maintaining developer velocity and trust.
Implement Security Tooling & Automation: Deploy and manage application security tools including SAST, DAST, SCA, and container scanning. Build automation for security testing in CI/CD pipelines. Implement and improve secrets management solutions. Create dashboards and metrics to track security posture.
Drive Security Initiatives: Lead application vulnerability management programs including triage, prioritization, and driving remediation. Support security compliance efforts (SOC 2, ISO 27001, or similar frameworks). Contribute to incident response and security event investigation. Develop security training and documentation for engineering teams.
Collaborate Across Teams: Partner with infrastructure and DevOps teams on cloud security controls. Perform risk assessments for new features, technologies, and third-party integrations. Participate in architecture reviews and provide security guidance.