For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform.

With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.

For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.

**OPEN TO US & CANADIAN CANDIDATES**

The Senior Application Security Engineer will be part of a team driving embedding security seamlessly into the product development lifecycle, focusing on reducing risk in our software delivery processes. The Senior Application Security Engineer will serve as a technical interface, key adviser and subject matter expert working with Engineering, Product Management, SaaSOps, and DevOps teams to determine security requirements and support development, testing and delivery of secure products in a modern public cloud architecture and to ensure a secure PointClickCare SaaS delivered product platform. You can expect to work closely with software development teams as well as third party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications.

Responsibilities

Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
Own and perform application security vulnerability management.
Facilitate and support the preparation of security releases.
Support and consult with Product and Engineering teams in the area of application security.
Assist in development of automated security testing to validate that secure coding best practices are being used.
Identify solutions for difficult security problems while collaborating in a broader agile Application Security team
Building a comprehensive solution to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.
Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
Provide security related coaching, training and expertise to drive and elevate security expertise within the development teams
Responsible for promoting, designing, and evaluating application security in all phases of the software development life cycle, and constantly looking for innovative ways to improve processes.
Understanding of and experience securing cloud infrastructure and applications using contemporary cloud computing models (IaaS, PaaS, SaaS, etc) with emphasis on Azure/AWS technologies
Write proof of concept code to demonstrate the severity of a potential security issue

Essential Qualifications

Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
Significant experience in the field of cybersecurity and/or application security, including time as an engineer writing code, conducting code reviews or in a senior role contributing to secure software design, development and testing processes
Expert knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
Familiarity with common security libraries, security controls, and common security flaws.
Basic development or scripting experience and skills. Ruby and Ruby on Rails is preferred.
Experience building secure software based on frameworks such OWASP, BSIMM and SANS
Significant experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing (SAST, DAST, RASP, SCA) and other application security testing tools and techniques.
Knowledge of common scripting and compiled languages including C#, Java, JavaScript, Python, Perl, PowerShell, and the .NET development frameworks. Full stack experience including MySQL/SQL preferred
Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
Advanced organizational, planning, communication, analytical and time management skills
Experience working with developers.
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Experience identifying security issues through code review
Experience in integrating security solutions into CI-CD pipelines and automating tooling orchestration.
Understand DevSecOps cultural mindsets, and an engineering focused approach to solving complex security problems
Desired Qualifications
Advanced degree in Information Technology, or the equivalent combination of education, training or experience CISSP, CISM or other related Information Security certifications
Experience in SaaS and/or health care environments
Experience with API security testing
#LI-TP1
#LI-Hybrid/Remote

It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact recruitment@pointclickcare.com should you require any accommodations.

PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.

This job is no longer accepting applications

See open jobs at PointClickCare.See open jobs similar to "Senior Application Security Engineer" Work In Tech.

See more open positions at PointClickCare

Privacy policy Cookie policy

Communitech Hub

151 Charles Street West, Suite 100,
Kitchener, Ontario, Canada, N2G 1H6

Proud member of Canada's Tech Network

Hours: Monday - Thursday 8:30 a.m. - 5 p.m. ET
Friday 8:30 a.m. - 4 p.m. ET
Phone: +1 (519) 888-9944
Email: front.desk@communitech.ca

Connect with us

Government of Ontario logo

Government of Canada logo

Communitech acknowledges that the Hub is situated on the Haldimand Tract, land that was granted to the Haudenosaunee of the Six Nations of the Grand River, and are within the territory of the Neutral, Anishinaabe, and Haudenosaunee peoples.

To access services in French please email marketinghelp@communitech.ca