Security Developer
-
Pay Rate: $86.00/hour, depending on experience
-
Contract Length: 3 Months
- Location: Calgary, Alberta
Raise is currently hiring a Security Developer on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client is a market leading financial institution
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
As a Security Developer, you will play a critical role in designing, building, and defending scalable, secure, and robust systems. This role requires a potent mix of deep technical application security expertise and a highly collaborative approach to problem-solving. You are proactive, dedicated to continuous learning, and uniquely skilled at translating complex security concepts into actionable guidance for both technical and non-technical audiences. You won't just be running manual scans—you will be architecting the automated future of defensive posture.
Responsibilities
- Security Architecture & Engineering
-
Security-by-Design: Design, develop, and architect scalable security features and identity adapters, ensuring security is baked into the product lifecycle from inception to sunset.
-
Identity & Access Management: Lead Security Architecture Reviews for complex client identity flows, providing authoritative guidance on OIDC, OAuth 2.0, and JWT implementation and vulnerability remediation.
-
Control Standardization: Define the organization’s standardized security control library and assist various departments in assessing, selecting, implementing, and verifying these controls.
-
Automation & AppSec Pipelines
-
CI/CD Integration: Engineer and automate application security testing (SAST/DAST/SCA) within CI/CD pipelines to identify vulnerabilities at scale.
-
Security-as-Code: Design scalable "Security-as-Code" suites to verify control effectiveness across enterprise pipelines, providing automated, evidence-based risk reporting to stakeholders.
-
Automated Validation: Engineer and deploy Automated Security Validation (ASV) frameworks that programmatically exploit identified vulnerabilities to verify control effectiveness.
-
Culture, Culture, & Governance
-
Threat Modeling: Operationalize threat modeling across the engineering organization by establishing STRIDE-based standards and mentoring junior developers to lead their own sessions.
-
Security Advocacy: Influence organizational security culture by developing secure coding standards and leading "Security Champion" programs.
-
Telemetry & Analytics: Design and oversee the development of security telemetry pipelines and executive dashboards that provide a real-time, risk-based view of application security posture.
-
Top Skills & Focus Areas
-
To be successful in this role, you should possess deep expertise or strong familiarity with the following core pillars:
-
Custom Code Gating & Automation: Ability to build mechanisms that automatically scan code for vulnerabilities before deployment, blocking risky code instantly while delivering immediate, constructive feedback to developers.
-
AI Vulnerability Remediation & Visibility: Experience leveraging cutting-edge AI tools to rapidly locate and remediate security issues, drastically reducing manual overhead for CXT development teams.
-
Software Supply Chain Security (SBOM): Knowledge of creating and managing automated, comprehensive Software Bills of Materials (SBOM) to quickly identify and mitigate risks from third-party vulnerabilities or licensing issues.
-
Secure Development Assurance: A passion for maturing foundational AppSec initiatives, including managing AppSec portals, driving security champion programs, and delivering targeted developer training.
-
Measurable Security Performance: Ability to define and track clear metrics demonstrating control effectiveness, establishing a standardized framework for security testing to ensure consistent compliance.
Qualifications
-
5+ years of experience in Software Development, DevOps, or Application Security Engineering.
-
Strong hands-on experience architectural implementation of modern authentication/authorization protocols (OAuth 2.0, OIDC, SAML, JWT).
-
Deep familiarity with modern CI/CD tools (e.g., GitHub Actions, GitLab CI, Jenkins) and integrating security tooling (Checkmarx, Veracode, Snyk, SonarQube, etc.).
-
Strong conceptual and practical understanding of the STRIDE threat modeling framework and OWASP Top 10.
-
Exceptional communication skills with a proven track record of mentoring developers and presenting technical risk to non-technical stakeholders.
-
Education and Certifications
-
Bachelor’s Degree in Computer Science, Software Engineering, Cyber Security, or a closely related technical field or A combination of a related diploma (e.g., Information Technology) and equivalent hands-on experience in AppSec or DevOps engineering
-
Nice to have Certifications Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), GIAC Certified Web Application Defender (GWEB), Cloud Security Certifications (e.g., AWS Security Specialty, Google Cloud Security Engineer)
Additional Information
A requirement for candidates to be considered for this role will be to complete a criminal and credit check (including Canadian Credit Risk Score)
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or [email protected].
#WES
#LI-SC1
