Application Security Engineer at Finning

Date: 1 day ago
City: Saskatoon, SK
Contract type: Full time
Company: Finning International Inc.
Number of Openings: 1
Worker Type: Permanent

Position Overview:

The Application Security Engineer ensures secure software development by integrating security tools into CI/CD pipelines and promoting DevSecOps practices. The role involves advising development teams, managing vulnerabilities, and driving security automation. Key responsibilities include mentoring on secure coding, maintaining security documentation, delivering training, and reporting risks and compliance to leadership. Strong technical expertise in application security and excellent collaboration skills are essential.

What we can offer you:

  • Great people and place to work with a hybrid work opportunity
  • Career advancement and training opportunities
  • Pension and employee stock purchase plans with company contributions
  • Extensive health benefits including group medical and dental benefits, and short-term and long-term disability benefits
  • For this position, the expected salary range is between $100,000 and $120,000 annually. This range reflects our commitment to providing competitive compensation that aligns with industry standards and your qualifications.

Please note that the actual salary offer will be based on a candidate’s experience, qualifications, and fit for the role. We are dedicated to fostering an inclusive and equitable work environment, and this salary range is designed to support that commitment.

Job Description:

Major Job Roles:

Advisory and Guidance:

  • Drive the adoption and integration of application security tools and practices across development streams
  • Establish and maintain processes for identifying, triaging, and remediating vulnerabilities using automated security tooling
  • Ensure security tooling is effectively embedded within CI/CD workflows to support scalable and consistent security coverage
  • Advise on the integration and operationalization of application security tooling and practices, ensuring development teams are equipped to implement and maintain secure solutions
  • Support teams in developing structured processes for managing alerts and remediation
  • Evaluate and recommend improvements to existing security tooling and practices based on evolving needs and threat landscape

Collaboration & Mentorship:

  • Act as a liaison between security and development teams to translate security requirements into actionable work items
  • Enable development teams to adopt secure development practices through coaching, resources, and ongoing support
  • Provide mentorship and technical guidance & training on secure coding, threat modeling, and vulnerability management
  • Collaborate with each development group to establish coding standards, vulnerability and obsolescence management
  • Work with development leads to ensure scorecard compliance and continuous improvement
  • Promote DevSecOps principles by advising on security automation and fostering shared responsibility

Education and Stakeholder Engagement:

  • Create and maintain documentation for security processes, tools, and standards
  • Design and deliver targeted training and enablement programs tailored to development team needs and maturity levels
  • Promote awareness of emerging security threats and mitigation strategies
  • Engage stakeholders to align security initiatives with business goals

Liaison & Communication:

  • Monitor and report on the effectiveness of security controls and posture across public-facing applications
  • Communicate security risks, tool performance, and compliance status to leadership and stakeholders
  • Coordinate with cross-functional teams to ensure alignment on governance and ownership of security tools and processes
  • Define governance models for ownership, lifecycle management, and compliance of security tooling

Mandatory (Must-Have) Skills Required:

  • Strong knowledge of application security principles and secure SDLC.
  • Hands-on experience with security tools (e.g., GitHub Advanced Security, SonarCloud, SAST/SCA).
  • Familiarity with OWASP Top 10 and DevSecOps practices.
  • Proficiency with CI/CD pipelines and security automation.
  • Excellent communication and collaboration skills.
  • (Preferred certifications: CISSP, CEH, OSCP.)

Soft Skills:

  • Excellent communication and collaboration skills
  • Ability to translate technical security concepts into business-relevant language
  • Proven track record of working with cross-functional teams to drive security initiatives

At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and/or mental or physical disabilities. Furthermore, Finning is committed to collaborating with and providing reasonable accommodations/adjustments to individuals with disabilities. If you require an adjustment/accommodation at any point during the recruitment process, please inform your recruiter.
