Application and Product Security Principal

Who we are:

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Your role:

The Application & Product Security Principal is responsible for leading the DevSecOps areas of application security, application vulnerability scanning and other daily security and compliance efforts. This role is positioned between software engineering, security and operations, driving the integration of robust security practices into every stage of the software development lifecycle. As a senior member of the Application & Product team you will input into strategy, standards and partner closely with engineering, platform and product teams to ensure security is built-in and aligned with business objectives. You will champion a proactive, risk-based approach to security, embedding automated controls, secure design principles and continuous assurance into the development pipelines. You will lead security sessions for development engineering teams with focus on risks, security report analysis, mitigations of identified vulnerabilities and process improvements. You will also be responsible for developing and deploying an automated security framework for robust deployment of tools and processes, leveraging scripting languages and open-source solutions.

Your responsibilities:

• Extensive experience in Application Security, Product Security or DevSecOps roles
• Deep understanding of secure software development practices, including threat modeling, secure coding and vulnerability management
• Serve as the liaison for deployment of DevSecOps standards and input into new standards or policies
• Embed security and DevSecOps practices throughout the organization, within SDLC and support an automated continuous integration (CI) and continuous delivery (CD) system
• Work with APIs and plugins to integrate security tools into established CI/CD pipelines using agile delivery methodology
• Partner with developers and engineering teams to prevent vulnerabilities and ‘shift-left’ security testing in the SDLC
• Focus on automation to aid in efficiencies with both testing and development
• Provide hands-on technical expertise and support in general DevSecOps tasks
• Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and effectively address false positives
• Investigate security issues in order to determine specific steps for reproduction and scope of vulnerabilities and risks
• Provide encouragement to team members, including identifying areas for additional training or skills development
• Mentor less experienced members of the team to help build a strong culture, improve security efficacy, and oversee team member work for quality and guideline compliance
• Create security documentation and developer training material
• Improve test case documentation and grouping
• Act as the senior subject matter expert for Global Relay software security testing related to the CI/CD pipeline
• Lead the selection, deployment, and management of appropriate scanning tools for security testing in the CI/CD pipeline
• Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications
• Work with Application and Product Security Team Lead to identify areas where security test coverage is lacking, and work to improve the security test coverage
• Provide suggestions on improvements and see these through to completion

About you:

• 8+ years of application security and operations experience and expert knowledge of software security
• Experience with at least one of each of the following:
  o    OWASP, Mitre, NIST SP800-115
  o    SAST, DAST, SCA
  o    Python, Java, Bash, PowerShell
  o    Puppet, Ansible, Git repositories, Jenkins, Docker/Podman, CI/CD technologies
  o    Container - OpenShift / Kubernetes
  o    API security
• Working with Security, Developers, DevOps, and Engineering teams in a dynamic environment
• Secure development, coding, and engineering practices
• Experience with the following would be an asset:
  o    AI tools / Machine learning
  o    ISO 27000, SOC 2, GDPR and other security and privacy standards
  o    CISM, CISSP, OSCP, or other relevant security certifications
  o    Networking technologies, particularly with OSI layers and TCP/IP
  o    Web-based protocols, including cookie management, encrypted traffic, TLS, HSTS, and webhooks
  o    Security tools such as firewalls, IDS/IPS, anti-virus, anti-spam, and server and network device hardening
  o    Encryption protocols and methodologies
• Ability to work under broad supervision with little instruction
• Ability to communicate effectively, in both written and verbal forms, with technical and non-technical cross-functional teams.
• Ability to communicate diplomatically and effectively at all levels of the organization with all classifications, including the very technical
• Proven competence using MS Office and other desktop applications
• Methodical and creative approach to problem-solving
• Excellent verbal and written communication skills
• Strong attention to detail and follow-up

Compensation:

Global Relay advertises the pay range for this role in compliance with British Columbia’s pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background. 

The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program. 

For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team!

British Columbia - Base salary range

$125,000—$160,000 CAD

What you can expect:

At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit .