Consultant, Application Security

What You’ll Be Doing As an Application Security Consultant, you will act as a subject‑matter expert working with cross‑functional application development teams to identify, assess, report, and manage security risks and design flaws identified in key applications. You will influence enterprise teams to build security into design, operation, and development techniques. How You’ll Succeed Application Security Steward – Provide guidance to development teams and oversee application security testing services, including dynamic application security testing (DAST), static application security testing (SAST), software composition analysis (SCA), mobile application security testing (MAST), and container security. Risk‑Based Vulnerability Management – Review security scan results and collaborate with development teams to prioritize vulnerabilities using a risk‑based approach and support the remediation process. Training and Awareness – Deliver training and awareness sessions to application development teams on how to use application security tools and educate developers on integrating security testing throughout the software development lifecycle. Security Tool Integration – Collaborate with development teams to integrate automated security tools into continuous integration and continuous delivery (CI/CD) pipelines. Continuous Improvement – Promote continuous improvement by applying lessons learned from projects and ongoing security assessments. Who You Are You have at least three years of experience in application security, secure software development, or related fields and a bachelor’s degree in computer science, software engineering, or an equivalent combination of education and experience. You can demonstrate experience using application security testing tools and platforms to manage and perform static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and mobile application security testing (MAST). You have hands‑on experience in software development and a good understanding of application security concepts, including secure coding, design, and industry standards and best practices. You are comfortable working with security code issues across a variety of languages such as Java Enterprise Edition (JEE), .NET, JavaScript, HTML, JSP, and ASP. You have strong interpersonal and communication skills and are able to clearly articulate application security issues to a range of stakeholders, including developers, project managers, and management. You’re a certified professional. You have, or are working toward, relevant security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP). Values matter to you. You bring your real self to work and live our values – trust, teamwork, and accountability. Prior to starting in this role, security checks, including a criminal record check, must be successfully completed to the satisfaction of CIBC. An annual criminal record check may also be required. What CIBC Offers Competitive salary, incentive pay, and a comprehensive benefits program that includes a defined benefit pension plan, shared ownership plan, vacation, wellbeing support, and MomentMakers, a social, points‑based recognition program. An employee share purchase plan that gives you an ownership stake in CIBC. A technology‑enabled workplace that simplifies bringing together great minds to create innovative solutions for our clients. Purpose Day – a paid day off dedicated to help you invest in your growth and development. What You Need to Know CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and provide an accessible candidate experience. If you need accommodation, please contact You need to be legally eligible to work in the location(s) specified above and, where applicable, must have a valid work or study permit. We may ask you to complete attribute‑based assessments and other skills tests (such as simulation, coding, French proficiency). We use artificial intelligence tools during the recruitment process to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us. Job Location Toronto‑81 Bay, 19th Floor Employment Type Regular – Full‑time Weekly Hours 37.5 hours per week Skills Application Development, Application Security, Dynamic Application Security Testing (DAST), Information Security, Security Reviews, Security Testing, Security Tools, Software Development, Static Application Security Testing (SAST), Web Application Vulnerabilities #J-18808-Ljbffr