[Hiring] Application Security Manager @Workleap - en

Role Description

As an Application Security Manager, you will be a hands-on individual contributor responsible for embedding security directly into our products, pipelines, and development workflows. This is a deeply technical role where you will write code, build tooling, and work closely with developers to ensure security is a natural part of how we build and ship software.

You will join the AI-SDLC team, which builds internal platforms and tooling that enable AI agents to operate across the development lifecycle. Your mission will be to ensure that security is integrated from the ground up across these tools, pipelines, and agentic workflows—enabling secure-by-default product development at scale.

Responsibilities

• Ensure security is embedded into CI/CD pipelines by delivering scalable, automated tooling and integrated security checks (SAST, DAST, SCA, secret scanning);
• Enable secure-by-default development by designing and implementing automated, policy-driven security review workflows;
• Establish robust security guardrails within AI-assisted development and agent workflows to reduce risk while maintaining developer velocity;
• Reduce risk exposure by proactively identifying, assessing, and driving remediation of application security vulnerabilities;
• Strengthen application security posture by leading threat modeling and security assessments for new features and architectural changes;
• Improve detection and response capabilities through the development of automation, tooling, and streamlined vulnerability management processes;
• Elevate cloud and application security by partnering with Infrastructure SecOps to harden Azure environments and deployment practices;
• Enhance external security feedback loops by contributing to and scaling the bug bounty program and vulnerability intake processes.

Qualifications

• 8+ years of experience in application security, DevSecOps, or security-focused software development;
• Strong software engineering background combined with deep security expertise;
• Deep understanding of web application security principles, OWASP Top 10, and CWE Top 25;
• Hands-on experience performing secure code reviews in C#;
• Experience building and maintaining security automation in CI/CD pipelines (GitHub Actions preferred);
• Solid understanding of Azure cloud services, infrastructure security, and deployment patterns;
• Experience integrating SAST, DAST, SCA, and secret scanning tools into development workflows;
• Proficiency in scripting (Python, Bash) for automation and tooling;
• Extensive hands-on experience with AI-assisted and agentic development workflows, with deep expertise in their security implications;
• Familiarity with authentication protocols such as OIDC, SAML, and OAuth;
• Ability to clearly communicate security risks and trade-offs to both technical and non-technical stakeholders.

Salary

Salary range: $150–180k CAD. This range reflects our Canada-wide compensation scale. Final offers may be adjusted based on the candidate’s region to align with local market conditions.

Benefits

• Healthy and inclusive work environment;
• Support for personal expression and creativity;
• Adaptable work environment to suit daily life and needs.

Additional Information

At Workleap, we build together, we trust each other, and we support each other in success or failure. Our Candidate Experience Flow at Workleap includes:

• Phone Screen
• Virtual Interview using Microsoft Teams
• Work Sample
• Job Offer

As a tech-forward company, we leverage AI tools to enhance our recruitment process, while ensuring all hiring decisions remain human-led.

By applying to this job, you are confirming that you have read and agree to the terms of our privacy policy.