Application Security Engineer

At Certn, we're revolutionizing background screening with The World's Easiest Background Check — fast, global, and powered by tech. We're not about outdated processes and red tape. We're about innovation, speed, and impact. If you're looking for a place where ownership, collaboration, and creativity thrive, this is it.

We're looking for an Application Security Engineer to safeguard our customer-facing platforms and internal systems. In this hands-on role, you'll embed security at every stage of the application lifecycle, from architecture and development through deployment and monitoring. This is an ideal opportunity for someone passionate about secure software development, automation, and protecting people's data in a fast-moving, product-centric environment.

Secure Application Development

• Embed security best practices throughout the software development lifecycle (SDLC) to ensure applications are designed and built with security in mind from the start.
• Conduct secure code and architecture reviews to proactively identify and remediate vulnerabilities before they impact production.
• Partner with engineering teams to create secure-by-design applications that protect sensitive applicant, client, and employee data while maintaining product performance and usability.

Threat Detection and Vulnerability Management

• Identify, assess, and prioritize potential security risks to reduce Certn's exposure to emerging threats and strengthen overall resilience.
• Coordinate internal and third-party penetration testing to validate the effectiveness of security controls and ensure vulnerabilities are remediated promptly.
• Maintain a structured vulnerability management process to ensure accountability, visibility, and measurable improvement in Certn's security posture over time.

Security Tooling and Automation

• Implement and manage security tools (e.g., SAST, DAST, dependency scanning, secrets detection) to continuously monitor and safeguard Certn's applications.
• Integrate automated security checks into CI/CD pipelines to enable fast, secure releases without slowing development velocity.
• Leverage automation to improve efficiency, consistency, and early detection of security issues, reducing manual overhead and human error.

Governance, Compliance, and Incident Response

• Align application security practices with global and regional standards (e.g., SOC 2, ISO 27001, GDPR, PIPEDA) to meet client and regulatory expectations.
• Support audit and compliance efforts by maintaining evidence of secure processes and demonstrating control effectiveness to external and internal stakeholders.
• Participate in incident response for application-related issues to minimize impact, learn from events, and strengthen future defenses.

Collaboration, Enablement, and Continuous Improvement

• Partner with product, engineering, DevOps, and compliance teams to integrate security objectives seamlessly into business and development processes
• Promote secure development practices through training, documentation, and coaching, fostering a culture where security is a shared responsibility.
• Stay current on evolving threats, technologies, and best practices to continuously enhance Certn's security capabilities and maintain stakeholder trust.

• Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related technical discipline; or an equivalent combination of education and practical experience.
• Relevant post-secondary coursework or certifications in cybersecurity, secure software development, or cloud security are considered strong assets.
• Strong understanding of secure coding principles, web application security, and common vulnerabilities (e.g., OWASP Top 10, SANS top 25).
• Proficiency with application security testing tools such as SAST, DAST, SCA, and secrets-scanning platforms.
• Working knowledge of authentication and authorization mechanisms, encryption, API security, and identity management.
• Ability to interpret and communicate technical security risks to both technical and non-technical audiences.
• Experience integrating security into CI/CD pipelines and using automation to improve security coverage.
• Analytical thinking, problem-solving, and prioritization skills with strong attention to detail.
• Collaborative mindset with the ability to partner effectively across engineering, product, DevOps, and compliance teams.
• Demonstrated experience performing threat modeling, code review, and vulnerability remediation within agile development environments.
• Hands-on experience with cloud-native architectures and security practices across AWS, Azure, or GCP environments.
• Familiarity with security frameworks and compliance standards (e.g., SOC 2, ISO 27001, NIST, GDPR, PIPEDA).
• Proven track record of improving security maturity within a fast-paced, product-focused organization.

Flexibility: Remote-first role with teammates across North America and the UK

Global Collaboration: Partner with experienced technical teams in multiple regions

Compensation: Competitive salary, commission structure, comprehensive health benefits, generous paid time off.

Culture: Collaborative, async-friendly, and innovation-focused.

We believe talent knows no borders, and we're open to candidates from the UK and beyond.

Certn is a growing global technology company reinventing the way organizations build trust in people with technology and AI-backed background checks. Having recently been named one of Canada's Companies-to-Watch in Deloitte's Technology Fast 50 Awards, we are one of the fastest-growing start-ups in the sector. Just so you know, the selected candidate will be required to complete a background check — so you'll get to see first-hand what we do. Certn is committed to equal opportunity, inclusion, and diversity. If you have a disability that requires accommodation at any stage of the recruitment process, please let us know how we can best assist you.

Ready to build your career and make an impact? Apply now and start your journey with Certn.

Compensation Range: CA$106K - CA$132.5K