We are looking for an Application Security Analyst (AppSec) to join the Information Security Protection and Analysis team of a major financial institution. This is a re-opened position with an adjusted scope focusing on automation and developer empowerment.
...
In this role, you will apply strong technical expertise to influence secure development practices across the enterprise. You will work closely with development, DevOps, and security teams to integrate security into every stage of the SDLC and enhance AppSec tooling capabilities.
This is a long-term contract (until March 31, 2027) with potential for renewal. The position is remote, with occasional in-person meetings required in Quebec City or Montreal.
Important: Please submit your CV in English.
Advantages
Benefit from a stable contract of over one year.
Work in a remote environment with occasional travel to Montreal or Quebec City.
Play a key role in improving the cybersecurity maturity of a large organization.
Collaborate in an environment where ideas are openly shared.
Responsibilities
Integrate, configure, and maintain Application Security tools such as SAST, DAST, SCA, and container scanning.
Automate security testing processes and maintain AST tool infrastructure.
Support development teams in adopting and integrating AppSec tools into their SDLC.
Use automated tooling to detect vulnerabilities and act as a technical security expert to assist teams in remediation.
Conduct manual code reviews for security compliance purposes.
Document and update standards and guides in a fast-evolving application security landscape.
Create and maintain processes helping developers integrate and use security tools.
Recommend corrective actions through clearly structured guides and procedures.
Guide development teams on designing applications with a security-first mindset.
Support threat modeling exercises and document access models.
Ensure alignment with security frameworks such as NIST and ISO 27001.
Qualifications
Strong understanding of the SDLC, DevOps practices, and CI/CD pipelines.
Hands‑on experience with AppSec tooling including SAST, DAST, SCA, container scanning, secrets detection, and IaC scanning.
Ability to write and maintain scripts in Python, Bash, or PowerShell to automate security tasks.
Knowledge of web technologies such as JavaScript or TypeScript.
Knowledge of backend stacks such as .NET or Java.
Strong knowledge of common vulnerability types and recommended remediations, specifically OWASP Top 10.
Familiarity with threat modeling and Agile methodologies.
Strong analytical thinking and ability to communicate complex security concepts to technical and non‑technical audiences.
Experience integrating security into cloud environments is an asset.
Mandatory bilingualism (French and English) for frequent interactions with English-speaking partners and suppliers.
**Notre client exerce ses activités au Canada. L'entreprise prend toutes les mesures raisonnables pour limiter le nombre de postes au Québec exigeant la connaissance d'une langue autre que le français, et ne l'exige que lorsque cela est nécessaire et que ses employés bilingues actuels ne sont pas en mesure d'assumer ces fonctions.
Suite à une évaluation réalisée par notre client, il a été déterminé que ce poste exige la maîtrise de l'anglais (parlé et écrit). Plus particulièrement, l'employé devra interagir avec les services internes centralisés (p. ex., Opérations, Ressources humaines, Finances, Services juridiques, Contrats, Ventes) qui soutiennent l'organisation au Canada et qui ne parlent pas français.**
Summary
We are looking for an AppSec Consultant passionate about automation and secure coding. If you have experience with SAST/DAST tools, scripting, and guiding developers in a DevSecOps context, this remote mandate is for you.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
show more
We are looking for an Application Security Analyst (AppSec) to join the Information Security Protection and Analysis team of a major financial institution. This is a re-opened position with an adjusted scope focusing on automation and developer empowerment.
In this role, you will apply strong technical expertise to influence secure development practices across the enterprise. You will work closely with development, DevOps, and security teams to integrate security into every stage of the SDLC and enhance AppSec tooling capabilities.
This is a long-term contract (until March 31, 2027) with potential for renewal. The position is remote, with occasional in-person meetings required in Quebec City or Montreal.
Important: Please submit your CV in English.
Advantages
Benefit from a stable contract of over one year.
Work in a remote environment with occasional travel to Montreal or Quebec City.
Play a key role in improving the cybersecurity maturity of a large organization.
Collaborate in an environment where ideas are openly shared.
Responsibilities
Integrate, configure, and maintain Application Security tools such as SAST, DAST, SCA, and container scanning.
...
Automate security testing processes and maintain AST tool infrastructure.
Support development teams in adopting and integrating AppSec tools into their SDLC.
Use automated tooling to detect vulnerabilities and act as a technical security expert to assist teams in remediation.
Conduct manual code reviews for security compliance purposes.
Document and update standards and guides in a fast-evolving application security landscape.
Create and maintain processes helping developers integrate and use security tools.
Recommend corrective actions through clearly structured guides and procedures.
Guide development teams on designing applications with a security-first mindset.
Support threat modeling exercises and document access models.
Ensure alignment with security frameworks such as NIST and ISO 27001.
Qualifications
Strong understanding of the SDLC, DevOps practices, and CI/CD pipelines.
Hands‑on experience with AppSec tooling including SAST, DAST, SCA, container scanning, secrets detection, and IaC scanning.
Ability to write and maintain scripts in Python, Bash, or PowerShell to automate security tasks.
Knowledge of web technologies such as JavaScript or TypeScript.
Knowledge of backend stacks such as .NET or Java.
Strong knowledge of common vulnerability types and recommended remediations, specifically OWASP Top 10.
Familiarity with threat modeling and Agile methodologies.
Strong analytical thinking and ability to communicate complex security concepts to technical and non‑technical audiences.
Experience integrating security into cloud environments is an asset.
Mandatory bilingualism (French and English) for frequent interactions with English-speaking partners and suppliers.
**Notre client exerce ses activités au Canada. L'entreprise prend toutes les mesures raisonnables pour limiter le nombre de postes au Québec exigeant la connaissance d'une langue autre que le français, et ne l'exige que lorsque cela est nécessaire et que ses employés bilingues actuels ne sont pas en mesure d'assumer ces fonctions.
Suite à une évaluation réalisée par notre client, il a été déterminé que ce poste exige la maîtrise de l'anglais (parlé et écrit). Plus particulièrement, l'employé devra interagir avec les services internes centralisés (p. ex., Opérations, Ressources humaines, Finances, Services juridiques, Contrats, Ventes) qui soutiennent l'organisation au Canada et qui ne parlent pas français.**
Summary
We are looking for an AppSec Consultant passionate about automation and secure coding. If you have experience with SAST/DAST tools, scripting, and guiding developers in a DevSecOps context, this remote mandate is for you.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
show more
