Company: Match Made Tech

Location: Toronto, ON

Expected salary: $60 – 80 per hour

Job date: Fri, 01 Aug 2025 01:50:21 GMT

Job description: Application Security Engineer (Remote)
Contract | Remote | Application SecurityA leading cybersecurity consulting firm is looking for an experienced Application Security Engineer to join its growing Application Security practice. This role is ideal for someone with strong C#/.NET expertise who thrives in client-facing environments and enjoys digging deep into secure development practices.What You’ll Do

• Remediation Guidance: Work directly with engineering and DevOps teams to validate, prioritize, and support remediation of vulnerabilities from assessments, scans, and bug bounty submissions.
• Manual Secure Code Review: Review .NET and enterprise application codebases to identify logic flaws, injection risks, misconfigurations, and other security issues that scanners often miss.
• Threat Modeling: Conduct lightweight threat modeling for new application features to uncover architectural risks early in the development lifecycle.
• Secure SDLC Enablement: Serve as a trusted security advisor to development teams, driving secure coding practices and embedding security into CI/CD workflows.
• Tooling Integration: Assist with the setup and fine-tuning of AppSec tools (SAST, DAST, SCA) and their integration into development pipelines.

What You Bring

• Solid experience in C#/.NET Core and Framework development and security
• Deep knowledge of secure coding practices , OWASP Top 10, and common vulnerability patterns (CWE)
• Hands-on experience with manual code reviews
• Familiarity with threat modeling frameworks (STRIDE, LINDDUN, etc.)
• Understanding of modern SDLC processes, DevOps culture, and security tooling
• Strong communication skills and the ability to work effectively with engineers and security teams

Bonus Points For

• Consulting or client-facing security experience
• Exposure to penetration testing or red teaming
• Experience with cloud-native applications (Azure or AWS), Kubernetes, or container security
• Security certifications such as OSWE, CSSLP, GWAPT, eCPTX

Why Apply

• Work with highly respected cybersecurity professionals solving real-world challenges
• Direct impact with enterprise clients and innovative teams
• 100% remote work with flexible schedules
• Access to top-tier research, ongoing training, and certification support
• Opportunity to help shape a growing AppSec service line