Job Title: Application Security Lead (Not people manager, but individual contributor)
Location: Toronto, ON, Hybrid, 2–3 days on site
Job Type: Permanent
Compensation: $100-130k/y + RRSP 7% + 10% bonus + 3 weeks' vacation

About the Opportunity
Join a growing Cybersecurity team that protects critical consumer and business products across a national payments ecosystem. In this role, you will lead the Application Security practice, partnering with engineering and product to build security into every stage of delivery.
You will act as the subject matter expert, shaping the Secure SDLC, enabling DevSecOps, and ensuring new features ship quickly and safely.
This role owns the Application Security practice, embeds security into product delivery, reduces developer friction, sets metrics, and partners across Cyber (IR, VM, Cloud) to manage risk.
This opportunity sits within the public–private financial services space, with meaningful impact at scale.

What’s in it for You
A culture that celebrates balance and continuous learning. Access to modern tooling, mentorship from seasoned security leaders, and cross-functional exposure with Product, Cloud, and Incident Response. Opportunities to influence standards, dashboards, and roadmap decisions.

Your Responsibilities

• You’ll build and lead the application security program as an individual-contributor technical lead. You’ll define and run the application security strategy, aligned to business and product goals.
• You’ll integrate AppSec tooling into CI/CD to reduce friction and production risk.
• In this role, you’ll embed security into the SSDLC, from requirements to release.
• You’ll lead threat modeling, design reviews, and secure architecture discussions.
• You’ll establish code review and automated testing guardrails, plus KPIs and KRIs.
• You’ll collaborate with IR, Vulnerability Management, and Cloud Security to mitigate risk.

Skills and Qualifications

• Strong software development background (languages, architecture, SDLC practices).
  Practical AppSec knowledge, such as: OWASP Top 10, secure coding, threat modeling, vulnerability remediation.
• Proven ability to communicate clearly with engineers and non-technical stakeholders.
  Experience working with security teams or serving as a security champion; hands-on with integrating security tools into CI/CD.
• Solid understanding of application security (Appsec), with hands-on work in DevSecOps and SSDLC.
• Strength in threat modeling, risk analysis, authentication and authorization patterns.
• Practical experience with SAST, DAST, and SCA tools, for example Veracode, SonarQube, Snyk, Burp Suite.
• Proficiency in at least one programming language such as Java, JavaScript, or Python.
• Knowledge of OWASP, NIST, ISO 27001/27002, plus certificates like CISSP, CSSLP, or OSCP.

Note from the Hiring Manager
“We are looking for a builder, someone who can partner with developers, reduce noise, and design simple guardrails that help us ship secure software, faster.”

Why Partner with Altis
“If you’ve never worked with a staffing agency before, don’t worry, we make it easy. You’ll still engage directly with the client while we handle the logistics, provide guidance, and keep you informed every step of the way. We’ll represent your strengths, guide you through each stage of the process, and ensure the experience feels personal and transparent.”

We appreciate the time and effort all applicants invest in their submissions. Please note that only candidates shortlisted for this role will be contacted directly. However, your profile will remain under consideration for future opportunities that align with your experience and career goals. All qualified applicants will receive fair consideration for employment. We welcome individuals of all backgrounds, experiences, and identities including those who identify as women, members of racialized groups, Indigenous Peoples, persons with disabilities, and 2SLGBTQIA+ communities. If you require an accommodation, please review our accessibility policy and reach out to our accessibility officer with any questions. Our human recruiters review all applications and always make the final hiring decision. On occasion, we also use AI-assisted tools to help review applications.