Content Security Researcher – Application Security - Security Compass Toronto, Ontario, Canada

Listing Description

 


We at Security Compass are on a mission to create a world where we can trust technology by enabling organizations to shift left and build secure applications by design. Our flagship product, SD Elements, helps organizations to reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. This, combined with our industry-leading e-Learning offerings, allows us to support our customers in accelerating software time-to-market without sacrificing security.


As a Content Security Researcher – Application Security, you’ll be reporting to the Lead, Security Research. You should have a solid understanding of the software development lifecycle and cybersecurity, and familiarity with critical application security vulnerabilities such as the OWASP Top 10. This position is ideal for practitioners with a passion for software security who are looking to work within a content research team, or developers who want to help influence other developers in software security.


You will have a chance to positively impact nearly every part of the world's digital infrastructure by helping shape secure software development for our clients: the world's largest financial services, software, healthcare, telecom, technology, media, and industrial control system companies.


What you’ll do



  • Stay up-to-date with the latest software security vulnerabilities, protection mechanisms, and related compliance standards 

  • Develop security content for a broad range of application types that include web, mobile, client/server, desktop, and embedded software

  • Work with AppSec experts on building secure coding samples in a variety of languages

  • Transform compliance regulations and standards into actionable tasks that can be easily consumed by software developers, dev managers, and DevOps engineers; align and match the mandates of those regulations and standards to existing security controls

  • Develop security content for the most recent vulnerabilities and attacks; analyze and improve existing security content

  • Technical writing and editing; develop security content using style guides that target technical and non-technical audiences; ensure that security content follows a logical structure, is easy to understand, and is easy to act on

  • Develop security and compliance training courses and JITT (Just In Time Training) modules

  • Develop Python scripts to automate day-to-day workflows and processes

  • Provide subject-matter expertise as a service


What you’ll need to succeed 



  • A passion to help developers code securely, as well as to learn and teach how to build and deploy secure software

  • 3-5 years of industry experience or related graduate level

  • Knowledge of the principles of secure coding, common application security vulnerabilities (e.g., OWASP Top 10) and verification standards (such as ASVS)

  • Solid understanding of the concepts of software development, including the software development lifecycle (Waterfall and Agile), DevOps processes (CI/CD), Cloud computing, DevSecOps (Cloud and Container technologies), and AppSec (Web and Mobile)

  • Familiarity with some of the major security and privacy compliance standards/regulations such as ISO 27000, NIST 800-53, GDPR

  • Experience with modern programming languages such as Java, C#, Python, JavaScript, Dart or any other desktop or mobile application development languages

  • Strong written communication skills and a desire to do technical writing

  • Time management, multitasking, and prioritization skills to work in a fast-paced, agile environment


Nice to have:



  • Security or privacy certifications (such as CISSP, CEH, Security+, CIPP, or similar)

  • Hands-on experience in Cloud and Container security


Why Security Compass?



  • Meaningful Work. We contribute towards making technology in the world more secure and our vision is one of a world where we can trust technology.

  • Trust. It’s important to us that you trust those you work with and are empowered to be yourself. To build this trust and transparency, we encourage open, respectful communication.

  • Innovation.  We encourage you to explore ideas and test new theories, both in your work and your passion projects. We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing.

  • Growth. We make your growth and learning a priority by allocating a dedicated learning & growth budget to all our employees. We give our team members tools and support to be the drivers of their careers and encourage knowledge sharing.

  • Life-Work Integration.  We create an environment where you can integrate your work with life in a way that makes sense for you with our hybrid or remote working model, flexible work hours, and unlimited vacation!

  • Fun. We could not have good culture without good fun, and we don’t underestimate its importance. Our casual atmosphere promotes camaraderie and fun and helps bring people together.

  • Embracing Diversity, Inclusion and Equity. We speak up for inclusion and celebrate diversity in thought. Our goal is to create a safe, equitable workplace where everyone feels like they belong.


Click here to start imagining your future at Security Compass!


Security Compass is an equal opportunity employer. We are committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require any accommodation, please inform hr@securitycompass.com so that an inclusive and barrier-free process can be provided for candidates taking part in all aspects of the hiring process. All information provided will be addressed confidentially.


 

