Application Security Analyst - Kinaxis, Toronto, Ontario, Canada

Listing Description

Job Title: Application Security Analyst


Job location: Ottawa, Ontario, CA - Hybrid; other North American locations - Remote


About the role


Reporting to the Senior Director of Global Information Security, the Application Security Analyst is responsible for identifying and remediating security-related flaws across Kinaxis’ software applications and digital services, promoting a secure posture, and bringing these systems into conformance with the information security standards and policies.

As a strong collaborator and team player, the candidate will partner closely with stakeholders across the business, including Corporate IT, Cloud Services, Product Development, and technology partners, to contribute to the implementation of adequate security solutions and controls. The candidate will also mitigate cyber risks, respond to incidents, and produce evidence for regulatory requirements, with the goal of achieving business objectives.


As a key player in the development, implementation and maintenance of a company-wide information security infrastructure, the candidate will partner with stakeholders to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance within the context of risk tolerance for both cloud and on-premise environments.



What you will do:



  • Identify information security risks at the application level, at each stage of development, and proactively work to ensure that risks are identified, assessed and mitigated across the business.



  • Integrate static and/or dynamic code analysis tools into the SDLC

  • Build a governance process for Software Developers to execute secure development principles and best practices (e.g. OWASP Top 10).



  • Arrange or conduct vulnerability and penetration tests against defined systems.

  • Identify and propose key application security priorities, initiatives, plans, practices and tools.

  • Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and provide recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.

  • Collaborate across the company to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.

  • Monitor application security trends and evolving technologies and keep senior management informed about related application security issues and implications for the Company.

  • Participate in the Security Incident Response Process

  • Assist with disaster recovery and business continuity planning

  • Perform technical risk assessments and reviews of new and existing applications and systems

  • Assist with emergencies and incident response after hours should the need arise


What you should have:



  • Education background in Information Security, Computer Science, Information Management Systems, or equivalent.

  • 4+ years of experience identifying and mitigating risks to software applications; high-tech, global environment preferred

  • Technical skills relevant to Application Security such as secure coding standards, application security testing, Java programming, ethical hacking techniques, cloud security architecture, vulnerability and threat management

  • Hands-on experience with vulnerability management and penetration testing tools:


    • e.g., Nmap, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, Metasploit, etc.


  • Two years of hands-on experience in Information Security Auditing.

  • Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. some of SSAE16, SOC 2, C5, PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO 27000, COBIT, ISF, OWASP, ITIL, ATT&CK)

  • Strong written and oral communication skills



  • Some relevant certifications, such as CASE, ASVS, CISSP.

  • Bonus if you have a published CVE discovered by you.

  • Successful candidate must be able to fulfill all security and confidentiality thresholds for this position (criminal background check)


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided
