Our client, is seeking a talented and proactive Application Security Analyst to join their Global Cyber Security division.
...
In this critical technical role, you will act as a key accelerator for the organization's enterprise-wide DevSecOps transformation. You will lead the evaluation, custom tuning, and integration of automated application security tools and compliance guardrails directly inside global CI/CD pipelines. This position requires an analyst who bridges the gap between deep cyber security auditing and modern application engineering; you will work shoulder-to-shoulder with developers, cloud engineers, and DevOps squads across major international operating geographies. Your mission is to foster a development-first security culture, ensuring software is built securely from day one without creating operational friction.
Duration: 8-Month Contract (August 10, 2026 – April 9, 2027)
Work Arrangement: Hybrid — primarily remote; optional onsite attendance 1–2 times per quarter at the corporate hub.
Hours: Monday–Friday, 9:00 a.m.–5:00 p.m. (Standard 37.5-hour work week)
Advantages
Global Modernization Scope: Own and orchestrate the security tooling roadmap for distributed development clusters across major international operating regions.
True DevSecOps Sandbox: Move away from passive spreadsheet auditing—use your development background to automate redundant workflows, write custom infrastructure scripts, and configure serverless security checks.
High Executive Visibility: Elevate your professional profile by designing program-level Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) delivered directly to senior cyber security leadership.
Workplace Flexibility: Enjoy a modern, remote-first schedule that offers maximum geographical autonomy, paired with structured quarterly alignment sessions.
Responsibilities
DevSecOps Automation & Tooling Governance
Pipeline Security Engineering: Assist with the running, deployment, and configuration of automated application security testing platforms, including SAST, SCA, MAST, and DAST engines.
Vulnerability Remediation Consulting: Analyze raw scanning results and penetration testing reports, translate vulnerabilities into actionable fixes, and provide remediation blueprints to active software delivery pods.
Platform Custom Tuning: Continuously evaluate tool accuracy, eliminate false positives, and execute software upgrades and rule-set tuning based on emerging threat profiles and system bugs.
Process Automation: Build custom scripts and internal tooling to automate repetitive security tasks, removing administrative overhead and accelerating code promotion metrics.
Program Strategy, Metrics & Documentation
Security Metrics & Reporting: Develop, track, and aggregate program metrics (KPIs and KRIs) for the macro vulnerability management initiative, packaging data into professional reports for executive leadership.
AppSec Compliance Blueprints: Assist in authoring global application security guidelines, threat-modeling templates, standard operating procedures, and technical documentation.
Developer Advisory & Training: Act as an internal security evangelist, educating software engineering teams on OWASP Top 10 (Web, Mobile, API) and SANS Top 25 code vulnerabilities.
Production Operations Support: Provide tier-3 diagnostic support for live web and mobile platforms, resolving security incidents and triaging threat escalations.
Qualifications
Experience: Minimum 3+ years of dedicated, professional Cyber Application Security experience, coupled with 2+ years of prior practical experience in IT System Design / Application Development.
Software Engineering Foundation: Strong structural background (2+ years) reading, writing, or debugging applications written in C++, Java, or .NET stacks.
AppSec Platform Mastery: 1+ years of direct experience administering and configuring Application Security testing infrastructure (SAST/DAST/SCA/MAST tools).
Automation Engineering: 1+ years of demonstrated success designing automated infrastructure configurations or writing utility scripts to stitch development tools together.
Framework Mastery: In-depth technical command of OWASP Top 10 vulnerabilities (spanning Web architectures, Mobile frameworks, and REST/SOAP APIs) alongside SANS Top 25 controls.
Education & Core Certification: University or College diploma in Computer Science, Systems Engineering, or a related technical discipline. An active cybersecurity designation (such as CISSP, CEH, or equivalent) is required.
Soft Skills: Outstanding communication skills with the ability to articulate highly technical security threats to non-technical business partners; a proactive problem-solver who can create high-fidelity technical diagrams (such as Visio workflows) and excels in fast-paced Agile sprint environments.
Nice-to-Haves
Holding advanced validation credentials, including GWAPT, GWEB, CASE, or CSSLP certifications.
Direct experience engineering secure CI/CD pipelines, container environments (Docker/Kubernetes), microservices architectures, and Amazon Web Services (AWS) environments (1+ years).
Prior experience in business process engineering, software procurement lifecycles, and managing enterprise application integrations.
Summary
If you are a tech-savvy Application Security Analyst who pairs an absolute command of modern AppSec testing tools (SAST/DAST) with the software engineering background (Java/.NET/C++) and pipeline automation depth needed to drive a global DevSecOps transformation, this 8-month hybrid contract is an exceptional professional platform. Bring your risk remediation precision, scripting agility, and collaborative team-first drive to our client's elite cyber security group today!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more
Our client, is seeking a talented and proactive Application Security Analyst to join their Global Cyber Security division.
In this critical technical role, you will act as a key accelerator for the organization's enterprise-wide DevSecOps transformation. You will lead the evaluation, custom tuning, and integration of automated application security tools and compliance guardrails directly inside global CI/CD pipelines. This position requires an analyst who bridges the gap between deep cyber security auditing and modern application engineering; you will work shoulder-to-shoulder with developers, cloud engineers, and DevOps squads across major international operating geographies. Your mission is to foster a development-first security culture, ensuring software is built securely from day one without creating operational friction.
Duration: 8-Month Contract (August 10, 2026 – April 9, 2027)
Work Arrangement: Hybrid — primarily remote; optional onsite attendance 1–2 times per quarter at the corporate hub.
Hours: Monday–Friday, 9:00 a.m.–5:00 p.m. (Standard 37.5-hour work week)
Advantages
...
Global Modernization Scope: Own and orchestrate the security tooling roadmap for distributed development clusters across major international operating regions.
True DevSecOps Sandbox: Move away from passive spreadsheet auditing—use your development background to automate redundant workflows, write custom infrastructure scripts, and configure serverless security checks.
High Executive Visibility: Elevate your professional profile by designing program-level Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) delivered directly to senior cyber security leadership.
Workplace Flexibility: Enjoy a modern, remote-first schedule that offers maximum geographical autonomy, paired with structured quarterly alignment sessions.
Responsibilities
DevSecOps Automation & Tooling Governance
Pipeline Security Engineering: Assist with the running, deployment, and configuration of automated application security testing platforms, including SAST, SCA, MAST, and DAST engines.
Vulnerability Remediation Consulting: Analyze raw scanning results and penetration testing reports, translate vulnerabilities into actionable fixes, and provide remediation blueprints to active software delivery pods.
Platform Custom Tuning: Continuously evaluate tool accuracy, eliminate false positives, and execute software upgrades and rule-set tuning based on emerging threat profiles and system bugs.
Process Automation: Build custom scripts and internal tooling to automate repetitive security tasks, removing administrative overhead and accelerating code promotion metrics.
Program Strategy, Metrics & Documentation
Security Metrics & Reporting: Develop, track, and aggregate program metrics (KPIs and KRIs) for the macro vulnerability management initiative, packaging data into professional reports for executive leadership.
AppSec Compliance Blueprints: Assist in authoring global application security guidelines, threat-modeling templates, standard operating procedures, and technical documentation.
Developer Advisory & Training: Act as an internal security evangelist, educating software engineering teams on OWASP Top 10 (Web, Mobile, API) and SANS Top 25 code vulnerabilities.
Production Operations Support: Provide tier-3 diagnostic support for live web and mobile platforms, resolving security incidents and triaging threat escalations.
Qualifications
Experience: Minimum 3+ years of dedicated, professional Cyber Application Security experience, coupled with 2+ years of prior practical experience in IT System Design / Application Development.
Software Engineering Foundation: Strong structural background (2+ years) reading, writing, or debugging applications written in C++, Java, or .NET stacks.
AppSec Platform Mastery: 1+ years of direct experience administering and configuring Application Security testing infrastructure (SAST/DAST/SCA/MAST tools).
Automation Engineering: 1+ years of demonstrated success designing automated infrastructure configurations or writing utility scripts to stitch development tools together.
Framework Mastery: In-depth technical command of OWASP Top 10 vulnerabilities (spanning Web architectures, Mobile frameworks, and REST/SOAP APIs) alongside SANS Top 25 controls.
Education & Core Certification: University or College diploma in Computer Science, Systems Engineering, or a related technical discipline. An active cybersecurity designation (such as CISSP, CEH, or equivalent) is required.
Soft Skills: Outstanding communication skills with the ability to articulate highly technical security threats to non-technical business partners; a proactive problem-solver who can create high-fidelity technical diagrams (such as Visio workflows) and excels in fast-paced Agile sprint environments.
Nice-to-Haves
Holding advanced validation credentials, including GWAPT, GWEB, CASE, or CSSLP certifications.
Direct experience engineering secure CI/CD pipelines, container environments (Docker/Kubernetes), microservices architectures, and Amazon Web Services (AWS) environments (1+ years).
Prior experience in business process engineering, software procurement lifecycles, and managing enterprise application integrations.
Summary
If you are a tech-savvy Application Security Analyst who pairs an absolute command of modern AppSec testing tools (SAST/DAST) with the software engineering background (Java/.NET/C++) and pipeline automation depth needed to drive a global DevSecOps transformation, this 8-month hybrid contract is an exceptional professional platform. Bring your risk remediation precision, scripting agility, and collaborative team-first drive to our client's elite cyber security group today!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more