Application Security Engineer - Vancouver, BC

PNI Digital Media is a leading tech industry e-commerce solutions provider, and we’re proud to be one of BC’s Top Employers. We’re currently looking for an Application Security Engineer to join our Vancouver office. 

 In this role, you will work closely with developers and architects in a SAFE Agile manner to ensure applications and the underlying infrastructure are designed and implemented to the highest security standards. This is a unique role at PNI where, under the direct supervision of the Information Security Manager, the ideal candidate will act as both “breaker” and “builder” to help identify security vulnerabilities and develop secure solutions to mitigate application security risks.

 Duties and Responsibilities

 · Provide information security expertise related to web e-commerce application development

·  Perform routine web application security scans to keep an eye out for security threats

·  Create baseline threat models and risk assessments for different applications

·  Perform penetration testing on applications to identify and mitigate any security vulnerabilities

·  Develop ways to automate security testing of applications in production

·  Maintain and communicate status of application related threats, controls and risks to upper management

·  Assist developers in designing secure applications by conducting code reviews and system design reviews

·  Develop and maintain internal security tools to automate daily security operations

·  Create and maintain security documentation and policies

·  Keep up-to-date with evolving security vulnerabilities, attack patterns, and mitigation techniques

·  Provide technical presentations to developers on application security patterns and best practices

 Qualifications and Experience

 · Technical Degree with focus on infrastructure Security or Technical Degree supplemented by security training

 · 3+ years of experience in an application security related role a must

·   3+ years of experience designing and building secure web applications (preferably in C#/.NET) a must

·   Experience with reverse engineering, vulnerability research, and penetration testing

·   Experience designing, building and securing web applications in Azure

·   Solid understanding and working knowledge of OWASP Top 10

·   Experience reviewing data flows and building web application threat models

·   Experience in supporting and analyzing security incidents in production (Incident Response)

·   Experience supporting compliance audits (PCI) is an asset

·   Understanding of trust models such as SAML, OAuth, and JWT is an asset

·   Experience providing security training to developers

·   Experience in developing and fostering a DevSecOps methodology

 Soft Skills

 · Ability to communicate technical issues to upper management and non-experts in terms of business risk

·   Superior analytical and problem-solving skills

·   Excellent written and verbal communication skills in English

·   Demonstrated ability to develop effective working relationships with employees, clients, and third parties

·   Able to drive and manage change

 What's It Like to Work at PNI?

At PNI, we never settle for the status quo. We’re efficient but diligent. We never forget that our customers are our business. We value teamwork. And above all, we know how to have fun. We love dogs, video games, karaoke, popcorn and foosball. We celebrate our successes, and we hold charity and fitness events throughout the year. In addition to a fitness subsidy, mat leave top-ups, and a dog-friendly workplace, we offer our staff free fitness and yoga classes each week. Come and find out why we’re a consistently award-winning employer. Some of our recent accolades:

  • Canada Top 100 Employers

  • BC's Top Employers

  • SME Canada Top Small & Medium Employers

  • BC's Top Technology Companies

  • Profit 500 Company

PNI Digital Media offers on-demand, personalized print products, transaction processing, and order routing services to the world's largest retailers. We connect consumer-ordered digital content, whether from online, in-store kiosks, desktop software, or mobile phones, with retailers that have on-demand manufacturing capabilities to produce personalized products.