Are you passionate about securing modern applications and staying ahead of emerging threats? As an Application Security Specialist, you’ll play a critical role in protecting our digital ecosystem while working in a dynamic, collaborative, and growth-focused environment.

What You’ll Love About This Role:

• Constant Innovation: Work with evolving technologies, architectures, and applications in a fast-paced environment where change is the norm.

• Collaborative Culture: Join a team that values open communication, shared learning, and cross-functional collaboration.

• Growth & Development: We invest in your continuous skill development through hands-on experience, training, and mentorship.

• Impactful Work: Help shape and expand our application security testing program, contributing to the safety and resilience of our platforms.

CORE Technical Skills:

• 5+ years of experience on manual testing of software applications preferably using Burp Suite (or similar tools).

• Strong knowledge of OWASP TOP 10 Risks/Vulnerabilities -  Strong understanding of the risks that the issues represent, how they can impact an  organization, and what must be done to remediate them.

• Expertise with understanding risks/vulnerabilities and creating Test reports to summarize your findings 

• Solid understanding of the low-level principles or mechanisms of how web applications function and APIs operate.

Soft Skills:

• Clear Communication – the ability to translate security findings into a format that is of value to the intended audience. Providing context and clarifying why a finding is import.

• Curiosity – keeping up with emerging technology, frameworks, and methods of attack. 

• Attention to detail 

Additional Information: The Application Security Specialist role is responsible for designing, evaluating, and supporting application security and cloud security capabilities in support of the security and compliance programs at AIR MILES. Individuals in this role possess well developed technical skills, a strong familiarity with network, system, and application architecture, and an understanding of the technical security landscape. These strengths are applied to a variety of activities, such as application security reviews, consulting on system architecture, and securing cloud environments at scale. Individuals in this role perform a variety of activities, encompassing application, cloud, and infrastructure security including establishing standards, participating in investigations, and providing guidance on aligning to industry best practices.
 

Responsibilities:

• Reviewing system and solution architecture
• Consulting with software developers and supporting improvements to application security
• Consult on risk assessments and work with stakeholders to implement measures to mitigate risk
• Perform audit/testing on infrastructure and application controls and work with stakeholders on remediation activities
• Actively work with third party service providers to lead and support any work performed
• Contribute to monthly Information security metrics for reporting
• Establish relationships with internal stakeholders, keep abreast of technology, bring emerging risks to management attention, and identify opportunities for improving existing security processes.
• Consult on Internal Security Policy and Baseline Standards

Qualifications

• Experience performing DAST testing on web applications, or experience with penetration testing of applications or network environments.
• Experience creating security assessment reports and presenting them to clients.
• Demonstrated competency in project participation in a cross-functional environment and experience in managing remediation activities across the enterprise.
• Communication skills especially in areas where diplomacy is needed to help ensure that new policies and procedures gain the support they need to be adopted by the enterprise and management.
• At least 6 years of full-time work experience in information security and/or related functions
• Familiarity with Information security standards and IT frameworks
• Knowledge of Security Governance, Risk & Compliance and security audit practices.
• Experience in multiple security domains (e.g. Access control, application and system development, operations security, network, BCP/DR, etc.)
• Sound knowledge of network security and network security components such as firewalls, routers, intrusion detection and other products such as SIEM and anti-malware products.
• Strong knowledge of cloud architecture security and deployment of security controls in a cloud environment (e.g. MS Azure, AWS, etc.).
• Hands-on experience building and operating in a cloud environment.
• Thorough understanding of web application architecture, single sign on technologies, and the HTTP/HTTPS protocols.

Certifications

While not required, candidates with relevant certifications, such as OSCP, OSCE, GWAPT, or similar are encouraged to apply. We value hands-on experience and demonstrable skills equally.

About Us

The AIR MILES Reward Program is one of Canada’s most recognized loyalty programs, with over 10 million active collector accounts, representing more than half of all Canadian households. AIR MILES collectors earn Reward Miles at more than 300 leading Canadian, global and online brands and at thousands of retail and service locations across the country. AIR MILES is a wholly-owned subsidiary of the Bank of Montreal (BMO). BMO is Canada’s oldest bank and the 8th largest in North America with more than 12 million customers globally.

As a member of the AIR MILES team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at https://bmo.wd3.myworkdayjobs.com/en-US/External-AIR-MILES.

AIR MILES is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: AIR MILES does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to AIR MILES, directly or indirectly, will be considered AIR MILES property. AIR MILES will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.