Application Security, Lead

Application Security Lead
At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real‑time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.

Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical gurus and high‑performance application developers? We want to hear from you.

We are currently recruiting for a full‑time Application Security Lead to be part of our Threat & Vulnerability Management team within Cybersecurity. This role will lead the Application Security practice and work with cross‑functional teams to ensure products and applications are built securely.

You’ll be responsible for:

Lead application security practice at Interac in alignment with product and business objectives.

Build and maintain a comprehensive application security strategy to identify and mitigate product vulnerabilities.

Work alongside and educate product development teams as the subject matter expert in application security to design secure products to protect Interac’s customers.

Integrate application security tools into Dev Sec Ops  practice, reducing development friction and vulnerabilities in production.

Integrate application security processes throughout the Secure Software Development Life Cycle (SSDLC).

Perform threat modelling on new systems, products, and features and facilitate secure architecture and design discussions.

Develop and implement code reviews and automated security testing processes to monitor compliance to secure coding standards.

Develop and report on actionable KPIs and KRIs against application security policies and standards.

Collaborate with other cybersecurity functions such as IR, VM, and Cloud Security as needed to mitigate application security risk.

Continuously improve application security technology by staying up‑to‑date with latest trends and advancements.

Clearly communicate with both technical and non‑technical stakeholders, ensuring transparency and understanding of security measures.

Demonstrate proficiency in programming languages commonly used in application development.

You bring:

5-7 years of experience in Application Security or related fields.

Post‑Secondary degree or diploma in Engineering, Programming/Systems, Computer Science, or another related discipline.

Eligibility to work for Interac Corp. in Canada in a Full Time Capacity.

Outcome driven, ability to figure‑it‑out to reach the desired outcome.

Strong sense of personal responsibility and accountability for delivering high‑quality work, both personally and at a team level.

Ability to communicate effectively to both technical and non‑technical stakeholders.

Ability to work autonomously with attention to detail.

Understanding of technical concepts and an avid learner of new technology.

Technical

Skills:

Expertise in Dev Sec Ops  practices and SSDLC frameworks.

Experience with threat modelling, design reviews, and risk analysis.

Strong understanding of security risks, threats, and vulnerabilities.

In‑depth knowledge of authentication, authorization, network security, vulnerability exploitation, and vulnerability remediation.

Experience with SAST/DAST/SCA tools such as Veracode, Sonar Qube, Snyk, or Burp Suite.

Experience with overseeing or conducting application penetration tests.

Proficiency in common programming languages used within application development such as Java, JavaScript, or Python.

Knowledge of security industry standards and best practices such as OWASP, ISO 27001/2, NIST.

Cybersecurity certificates such as CISSP, CSSLP, OSCP.

Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:

Canadian criminal record check;

Public safety verification;

Canadian ‑check;

5‑year employment verification;

Education verification; and

If applicable, Credit Inquiry and Social Media Check

How we work
We…