
Application Security Developer - REMOTE

Flashfood

Software Engineering
Toronto, ON, Canada
Posted on Oct 11, 2024

As we continue our rapid growth at Flashfood, we are looking for a talented Application Security Developer to join our Engineering team. You'll lead the way for the expansion of the Application Security Developer program at Flashfood. The mission for the team is to proactively discover and fix security vulnerabilities and to implement solutions that automate, scale and enhance application security. We’re looking for someone who is as passionate about automating key areas of the Secure Software Development Lifecycle (SSDLC) as about partnering with developers to securely build and fortify our applications. The key areas of focus for the AppSec Development program are: Secure Application Design, Tools/DevSecOps and Application Vulnerability Management.


Who We Are:

With the rising cost of food and the challenges faced by our supply chain, Flashfood has become a staple in many North American families. At Flashfood, we are on a mission to reduce the environmental impact of food waste and provide our communities with easier access to healthy, affordable food. We are tackling this gigantic problem together, with a diverse team of people from all over the globe.

What You Will Do:

  • Propose solutions for secure application design, DevSecOps automation, tool optimization, application vulnerability management and strategies for risk reduction
  • Collaborate with Lead Devs, Product Managers, Program Managers, and other teams to deliver high-quality products.
  • Build relationships with Infrastructure teams and Software Development teams.
  • Work with multiple internal teams to ensure products are designed and implemented according to security policies, standards, and best practices.
  • Work as part of the AppSec team using Agile methodologies.
  • Lead AppSec SPLC programs such as the Security Champions program, AppSec Certification program, and numerous company-wide security events.
  • Help identify and validate best-in-class security standards implementation
  • Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open source application security testing (SCA) and container security scanning, including troubleshooting and continuous process improvement
  • Propose product feature enhancements that improve the security of our application
  • Test, replicate and validate security vulnerabilities in applications
  • Perform threat modeling of upcoming features and products
  • Drive adoption of Policy as Code and adherence to software security metrics
  • Practical knowledge and experience working in public cloud environments & IAM solutions (Azure, AWS, GCP, etc.)
  • You have a “can do” attitude. Our teams create high-quality work on quick timelines. Owning a problem doesn’t scare you, but rather empowers you to take 100% responsibility for achieving our mission.
  • You appreciate direct communication. You’re both an active communicator and an eager listener - because let’s face it, you can’t have one without the other. You’re cool with candid feedback and see every setback as an opportunity to grow.

Who You Are:

  • 3+ years of work experience specializing in Application Security, preferably in a consulting role.
  • 8+ years of IT experience, preferably in information security.
  • Strong verbal and written communication skills.
  • Knowledge of and experience with one or more AppSec tools such as Snyk, Orca Security, etc.
  • Knowledge of the OWASP Top 10 App/API and a deep understanding of web application and mobile app vulnerabilities.
  • Experience in facilitating technical conversations between engineering and operations teams.
  • Experience in analyzing systems designs and code, and identifying security problems
  • Strong knowledge of software release process and release pipeline.
  • Strong programming skills in Python, Golang, or JavaScript/TypeScript

Nice to Have:

  • Understanding of regulatory compliance frameworks such as NIST, SOC 2
  • Understanding of MITRE framework and threat intelligence
  • Understanding of infrastructure as code
  • Understanding of Kubernetes
  • Strong knowledge of GitHub

Company Perks

  • Competitive base salary
  • Company-wide performance bonus
  • Casual and remote-friendly work environment
  • Flexible working hours
  • Monthly team events (virtual friendly)
  • Maternity & Parental Leave Top Up Plan
  • Professional development opportunities - $1,750/year
  • Opportunity to work with a growing company passionate about sustainability and making an impact on our communities

The requirements listed in job descriptions are guidelines, not hard and fast rules. You don’t have to satisfy every requirement or meet every qualification listed. If your skills are transferable and you are in the ballpark with the number of years of experience Flashfood is looking for, apply. Applying gives you the opportunity to be considered.

Flashfood is an equal opportunity employer and is committed to providing an accessible recruitment process. Please advise should you need any accommodation throughout the recruitment process. All your information will be treated confidentially.