Application Security Engineer- (Toronto, ON)

About GeoComply

We’re GeoComply! We are at the forefront of geolocation, cybersecurity, and anti-fraud innovation, developing and delivering cutting-edge technologies to help ensure regulatory compliance, combat bad online actors, alleviate user friction, and protect businesses from fraud.

Achieving significant business and revenue growth over the past three years and dubbed a tech “Unicorn,” GeoComply has been trusted by leading global brands and regulators for over ten years. Our compliance-grade geolocation technology solutions are installed on over 400 million devices and analyze over 12 billion transactions a year.

At the heart of it all is the people, united by a deep commitment to problem-solving and revolutionizing how people and businesses use the internet to instill confidence in every online interaction. With teams across five countries, three continents, and a global customer base, we have no plans to slow down.

As an Application Security Engineer at GeoComply, you’ll play a vital role in ensuring our applications are secure, resilient, and trustworthy. You’ll work within a team that influences secure design, performs code analysis, and identifies vulnerabilities through hands-on testing. This role involves designing, implementing, and maintaining robust security measures throughout the Software Development Lifecycle (SDLC), fostering a culture of security across development and operations teams.

• Application Security Review: Drive the secure development lifecycle by conducting design reviews, automated testing, and hands-on penetration testing to identify potential security vulnerabilities across applications and non-compliance with security standards.
• Threat Modeling: Identify potential attack vectors and devise strategies to mitigate these threats.
• Secure Design Consultation: Collaborate with development teams early in the SDLC to establish and integrate security requirements, ensuring robust security architecture for new projects and releases.
• Security Tools Management: Implement and manage advanced security tools, focusing on automation. Leverage Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), security scanners, and bug bounty programs to assess and secure applications.
• Developer Education & Engagement: Act as a security advocate within GeoComply’s development community. Educate software engineers on secure coding practices through training sessions, security guidelines, and one-on-one mentorship, fostering a strong security culture across teams.
• Assisting During Incident Response: Serves as a trusted subject matter expert to bring application security expertise to root-cause analysis and remediation planning where appropriate.

• Proficient in at least one programming language relevant to GeoComply’s technology stack (e.g., Java, Golang, Python, JavaScript )
• Experienced in deploying and configuring enterprise-grade security tools, including SAST, DAST, and security scanners.
• Familiarity with leading security tools, such as BurpSuite, ZAP and Metasploit, for identifying and managing vulnerabilities.
• Bug Bounty and Vulnerability Management: Skilled in supporting bug bounty programs, including triage, validation, and re-testing of security findings to ensure effective remediation.
• Data Protection and Cryptography: Competence in designing secure solutions for sensitive data, applying cryptographic techniques, access controls, and hardware security modules (HSM) to protect critical assets.
• Version Control Systems: Proficiency with Git (GitHub).
• CI/CD and Automation Experience: Experienced in integrating security within CI/CD pipelines, utilizing tools like Jenkins, Artifactory, and related automation technologies.
• Authorization & Networking Protocols: Familiarity with authentication/authorization frameworks (OAuth, SAML, OpenID, ADFS, SCIM) and a solid understanding of network and web related protocols (e.g. TCP/IP, UDP, HTTP, REST, DNS, SMTP).
• Architecture Knowledge: In-depth understanding of web application architectures, APIs, microservices, and cloud-native systems.

• Educational Background: Bachelor’s degree in Computer Science, Engineering, MIS, CIS, or a related discipline is required.
• Professional Experience: 3+ years of experience in application security, including hands-on roles in code analysis, vulnerability identification, and secure design.

At GeoComply, we’re at the forefront of geolocation, cybersecurity, and anti-fraud innovation. Joining our team means working on cutting-edge technology with a group of passionate, skilled individuals who prioritize security, teamwork, and continuous growth. We offer a collaborative hybrid work environment and value in-person interaction while providing flexibility for our team members.

Apply Now!

Interested in joining our team? Send us your resume and a cover letter. We can’t wait to meet you!

Commitment to Diversity and Equity.

If you don't tick every box in this job description, please don't rule yourself out. Research suggests that women and other people in underrepresented groups tend to only apply if they meet every requirement. We focus on hiring people who value inclusion, collaboration, adaptability, courage, and integrity rather than ticking boxes, so if this resonates with you, please apply.

Search Firm Representatives Please Read Carefully

We do not accept unsolicited assistance from search firms for employment opportunities. All CVs or resumes submitted by search firms to any employee at our company without a valid written agreement in place for this position will be considered the sole property of our company. No fee will be paid if a candidate is hired by GeoComply due to an agency referral where no existing agreement exists with the GeoComply Talent Acquisition Team. Where agency agreements are in place, introductions must be through engagement by the GeoComply Talent Acquisition Team.

Why GeoComply?

Joining the GeoComply team means you’ll be part of an award-winning company to work, learn and grow. We are fast-paced, high-impact, and have a can-do team culture.

To be successful in our organization, you need an eager attitude, professionalism, and the confidence to willingly work to prove yourself and your ideas, and earn the trust of the organization.

Here’s why we think you’d love working with us.

We’re working towards something big

We’ve built a reputation as the global market leader for geolocation compliance solutions for over 10 years. We’re trusted by customers from all over the world, and the next few years will be particularly exciting as we continue to scale across new markets.

Our values aren’t just a buzzword

Our values are the foundation for what we as a company care about most. They signify the commitment we make to each other around how we act and what we stand for. They are our north star as we work together to build a company we’re all proud to be a part of. Learn more, here.

Diversity, equity, and inclusion are at the core of who we are

In collaboration with our team and external partners, we promote DEI in our recruitment and hiring practices; scholarships and financial aid; training and mentorship programs; employee benefits, and more.

Learning is at the heart of our employee experience

At GeoComply, we foster an environment that empowers every employee to gain the knowledge and abilities needed to perform at their very best and help our organization grow. From a professional development budget to local training opportunities, knowledge-sharing sessions and more, we are continually investing in employee career growth and development.

We believe in being a force for good

We profoundly care about our impact on the world and strive to make meaningful contributions to the communities we work and live in. Our Impact division focuses on philanthropic and social responsibility initiatives, including supporting our local communities, advancing equality, and harnessing our technology to protect vulnerable groups. Learn more, here.

We care about our team

Our GeoComply team is talented, driven and hard-working, and is known for its positive attitude and energy.  At GeoComply, we take care of our employees with the total package. Team members are generously rewarded with competitive salaries, incentives, and a comprehensive benefits program.

We value in-person collaboration

GeoComply culture thrives on a dynamic mix of in-person energy and independent focus and we champion a hybrid work model that blends the energy of in-person collaboration with the flexibility to work from home. Our 3-day in-office policy fosters teamwork and innovation, while also recognizing the importance of individual work styles and needs.

- - - - - - - - - -

At GeoComply, we live our value of Act with Integrity. Our workplace is built on mutual respect and inclusion, and we welcome applicants of all backgrounds, experiences, beliefs, and identities. Creating an accessible interview experience for all candidates is important to us. If you have any requests (big or small) throughout our hiring process, please don’t hesitate to let us know so we can do our best to prioritize your needs.

We care about your privacy and want you to be informed about your rights. Please read our Applicant Privacy Notice before applying for the position.