<img alt="" src="https://secure.peak2poem.com/196353.png" style="display:none;">

Senior Staff Developer - Application Security

Martyn Bassett Inc
Remote Canada



Our client is a Canadian success story founded by serial entrepreneurs with the ambitious goal of becoming the largest tech company in their category!

Our client's suite of retail management and POS solutions power retail and e-commerce experiences - globally. Their platform powers and processes $15+ Billion of the transaction value.

Rooted in cultural values, which include character, community and innovation, our client has crossed the 450 employee mark and has won numerous "Best Places to Work" awards.

Our client is headquartered in Canada with offices around the world. They have embraced a permanent remote/WFH model to attract the best talent in the market, irrespective of location.


This role will be our client's first hire on their brand new Application Security team!

Your mission will be to incorporate application security and assist with the adoption of security practices into the SDLC. You will investigate and evaluate tools and technologies to better AppSec practices, threat remediation/ mitigation, and threat detection.

You will also develop and champion security standards for application development, architecture and design. Performing risk and threat modelling and assisting teams in these efforts alongside triaging and investigating potential security incidents.

Experience & Expertise

  • Ample experience with Application Security in a B2B SaaS environment
  • High quality C# coding across team silos for organizational coding needs
  • Experience with software development tools; control systems (GIT), automated build systems, compilers, software validation systems, project tracking, test automation tools, and lifecycle management systems
  • Proven development experience working thru Risk and Threat Modelling (BIA/OTRA)
  • Deep understanding microservice architectures and asynchronous messaging architectures
  • High cardinality structured event telemetry
  • Experience with security-related audit standards (e.g. PCI-DSS)
  • Certified in; GWEB, GIAC, CSSLP or Microsoft Security Certification
  • Familiarity with common security authorities (e.g. OWASP)
  • Familiarity with static and dynamic application security testing practices and technologies
  • Experience in security incident; triage, investigation, remediation