At Sectigo, we align around our mission and pride ourselves in helping thousands of customers sleep better at night.

Sectigo is a leading provider of digital identity and cybersecurity solutions, offering a comprehensive suite of products to protect online transactions and communications. Our mission is to secure the digital landscape for enterprises worldwide.

“When people think Online trust management, they think Sectigo because we offer our customers unparalleled peace of mind.”

How we show up with each other and our customers every day is just as important, and we win as #OneSectigo by living out our core values - Support, Excellence, Communication, Teamwork, Integrity, Growth and Openness. We are committed to investing in our diverse teams where everyone understands their role and how they support our strategic goals, we drive operational excellence through scale and efficiency, and we strive to delight our customers and become the market leader in our industry. If you aspire to join a driven team that holds each other accountable to meeting our lofty goals and you'd like to be part of our growth story in delivering a market leading user experience, we'd like to talk to you.

We are looking for a (job title) to join our growing global team at Sectigo.
As an Application Security Engineer, you will ensure the security of our applications and software systems throughout the entire software development lifecycle. You will maintain high productivity and foster collaboration among teams. Additionally, you will articulate security issues to both technical and non-technical audiences. You will also serve as a key cyber incident response team member, operating within Security Operations in a 24/7 and 365-day environment.
This is a full-time position working in the hybrid model and at least 3 days a week from our Ottawa office.

Here are the core functions, responsibilities, and expectations for this role:

• Assist in incident response by providing engineering support to remediate critical security bugs in production environments.
• Conduct vulnerability assessments and implement appropriate security measures for applications.
• Review and assess application security, including code reviews and penetration testing.
• Develop and implement automated processes to ensure consistent application of security best practices across projects
• Ensure compliance with industry standards and regulatory requirements.
• Collaborate with software developers to design and implement secure application architectures.
• Work with the development teams to improve the security of CI/CD processes
• Promote a secure-by-design culture, advocating for best practices in secure coding, threat modeling, and vulnerability management to protect against potential security threats.
• Develop and maintain security policies, procedures, and documentation.
• Perform security risk assessments and recommend mitigation strategies.
• Implement and manage security monitoring and incident response tools.
• Articulate security issues and solutions to both technical and non-technical audiences.
• Advocate for a security-first culture and continuously update stakeholders about emerging threats.
• Serve as a key cyber incident response team member, operating within Security Operations.
• Operate on a rotating 24x7 on-call schedule, including after-hours, nights, and weekend shifts.
• Other duties as assigned and related to the nature of this role and company initiatives.

Education:

• Bachelor's degree in Computer Science, Information Technology, or a related field is strongly recommended.

Experience:

• Minimum of 5 years of experience in cybersecurity and software development.
• Hands-on experience with automated security testing tools such as SAST, DAST, and dependency scanning (e.g., Sonatype, Burp Suite, Web Inspect, Veracode, SonarQube)
• Proficiency in at least one programming language such as Python, Golang or Java or similar.
• Experience with Oracle SQL, including stored procedures, triggers, and secure DB configuration is considered a plus
• Expertise in securing web applications built with modern frameworks in Golang and/or Java.
• Knowledge of authentication and authorization protocols (OAuth, OpenID Connect, JWT) and security standards (SSL/TLS, encryption)
• Relevant certifications such as OSCP, CISSP, CEH, or CSSLP are preferred.
• Excellent communication skills, both written and verbal.

Ideal Candidate Profiles, Talents, and Desired Qualifications:

• Basic knowledge of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, infrastructure as code, etc.
• Strong understanding of application security principles and practices.
• Ability to work in a fast-paced, 24x7 environment.
• Occasional travel for various job-related activities.

Global team. Global reach. Global impact.
At Sectigo, we believe doing good is good business. Our strength and our success come from our team of passionate, engaged individuals who make a difference, both locally and globally. Our commitment to engagement is rooted in an unconditionally inclusive workforce, embodying our unique perspectives, heritages, and backgrounds, all as diverse as the experiences of each Sectigo employee. Importantly, we strive to be recognized not only as the CLM leader but also for our intentional efforts to promote employees into the roles that most challenge and excite them, into experiences that allow them to grow their interests as we grow the business. We are committed to bringing a little bit of fun and a whole lot of happiness into everything we do so that our work – and our team members – reflect the positive outcomes we deliver to our customers every day.