Senior Application Security Analyst
Indexed description
Description
Purolator is one of Canada’s leading integrated freight, package, and logistics solutions providers, delivering dependable service to customers across the country. Security is a core enabler of Purolator’s digital and operational strategy. The Information Security Office partners closely with technology and business teams to protect Purolator’s systems, data, and customers while enabling innovation and secure delivery at scale.
The Senior Application Security Analyst is responsible for embedding security into the software development lifecycle (SDLC) by partnering closely with application and engineering teams. This role focuses on identifying, assessing, and reducing application and API security risk through threat modeling, secure design reviews, vulnerability management, and the operationalization of application security controls.
The successful candidate will act as a subject matter expert for application security, providing hands‑on guidance to development teams while helping mature secure development practices across the enterprise.
Responsibilities
Application & API Security
- Perform application and API security assessments, including design reviews, threat modeling, and architecture reviews, in alignment with enterprise application security standards
- Identify security risks across custom‑built, SaaS, and third‑party applications and work with application owners to define practical remediation plans
- Review authentication, authorization, data handling, and integration patterns to ensure secure‑by-design implementations
- Embed security requirements and controls early in the SDLC (“shift left”) by working directly with development and delivery teams
- Support the integration and tuning of Static Application Security Testing (SAST), Software Composition Analysis (SCA), secret scanning, Dynamic Application Security Testing (DAST) and other application security tooling within CI/CD pipelines
- Provide secure coding guidance and recommendations based on OWASP Top 10 and industry best practices
- Develop and maintain clear, reusable documentation and standardized frameworks to enable consistent adoption of application security practices across teams
- Triage and assess application security findings from automated tools, penetration tests, and manual reviews
- Partner with application teams to prioritize remediation based on risk, exploitability, and business impact
- Act as a trusted security advisor to application owners, architects, and developers
- Contribute to the development and maintenance of application security standards, patterns, and guidance documentation
- Support third‑party assessments and security reviews for externally developed or hosted applications
- Identify opportunities to improve application security processes, tooling, and governance
- Stay current with emerging application security threats, vulnerabilities, and defensive techniques
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
- 5+ years of progressive experience in application security, secure software development, or product security
- Strong understanding of web and API technologies (HTTP/S, REST, JSON, OAuth, OpenID Connect, SAML)
- Hands‑on experience with application security testing tools (SAST, SCA, DAST, secret scanning)
- Solid knowledge of OWASP Top 10, threat modeling methodologies, and secure coding principles
- Strong analytical, problem‑solving, and communication skills, with the ability to explain security risks to both technical and non‑technical audiences
- Exceptional interpersonal skills and proven to flourish working in a fast-paced environment.
- Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
- Experience securing cloud‑native applications in AWS and/or Azure environments
- Familiarity with API gateways, WAFs, and runtime protection controls
- Experience working in agile or DevOps delivery environments
- Relevant security certifications (e.g., CSSLP, GWAPT, GWEB, CISSP, OSCP)
- Strong knowledge of one or more modern programming languages (e.g. Python, Java, C++, JavaScript)
POSTING DETAILS
Location: 530 - CorporateWorking Conditions: Office Environment
Reports to: Technology Manager Information Security Office
Purolator is an equal opportunity employer committed to diversity and inclusion. We welcome all qualified applicants and provide accommodations during the recruitment process upon request.
Purolator complies with Canadian law in all recruitment practices. During pre-screening, we may use an Artificial Intelligence (AI) tool, supported by human oversight, to efficiently manage tasks such as resume screening and candidate matching, enabling our team to connect with qualified candidates faster.
Personal information is used solely for recruitment and managed in accordance with privacy legislation. For AI-related inquiries only, contact [email protected] . To apply, visit our Careers Page.
We recognize that employees and their families are essential to our success. We strive to provide a safe, healthy, and supportive workplace, ensuring the right people have the tools they need to thrive.
Every day at Purolator is an opportunity to connect with colleagues, customers, and communities to make a positive impact. Learn more about our values at www.purolator.com .
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search