Senior Lead Application Security Engineer

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Our leading AI technology is the backbone of our award-winning enterprise software solutions, enabling our customers to be their best when it really matters–at the Moment of Service™. Our commitment to internal AI adoption has allowed us to stay at the forefront of technological advancements, ensuring our colleagues can unlock their creativity and productivity, and our solutions are always cutting-edge.

At IFS, we’re flexible, we’re innovative, and we’re focused not only on how we can engage with our customers but on how we can make a real change and have a worldwide impact. We help solve some of society’s greatest challenges, fostering a better future through our agility, collaboration, and trust.

We celebrate diversity and understand our responsibility to reflect the diverse world we work in. We are committed to promoting an inclusive workforce that fully represents the many different cultures, backgrounds, and viewpoints of our customers, our partners, and our communities. As a truly international company serving people from around the globe, we realize that our success is tantamount to the respect we have for those different points of view.

By joining our team, you will have the opportunity to be part of a global, diverse environment; you will be joining a winning team with a commitment to sustainability; and a company where we get things done so that you can make a positive impact on the world.

We’re looking for innovative and original thinkers to work in an environment where you can #MakeYourMoment so that we can help others make theirs. With the power of our AI-driven solutions, we empower our team to change the status quo and make a real difference.

If you want to change the status quo, we’ll help you make your moment. Join Team Purple. Join IFS.

Job Description

We are looking for an Application Security Engineer to join the Agentic Platform pillar, working within the Cloud Platform team. This team owns the secure, governed foundation that enables all of Copperleaf’s R&D teams to build and ship faster. In this role you will embed security directly into the platform and across every CI/CD pipeline, shifting our posture from reactive to proactive. You will bring traditional application security depth into our DevSecOps culture and, critically, use AI agents to continuously and autonomously improve our security posture. Our operating premise is simple: agentic attacks require agentic defense. You will build the agents, skills, and guardrails that detect, triage, and remediate security risk at machine speed, staying ahead of threats rather than responding to them after the fact. This is a hands-on, implementation-first role: you will personally build, ship, and operate the security changes you design, working directly in the code and the pipelines rather than advising from the sidelines.

Key Responsibilities

• Embed application security into the Cloud Platform and across all CI/CD pipelines, making secure-by-default the path of least resistance for every R&D team.
• Design, build, and operate AI-driven security agents that proactively scan, triage, and remediate vulnerabilities across source code, dependencies, containers, and infrastructure-as-code, turning point-in-time reviews into continuous, autonomous coverage.
• Establish secure software development lifecycle (SSDLC) practices, threat modeling, and secure-coding standards, and integrate automated enforcement (SAST, SCA, DAST, secrets scanning, IaC scanning) as native pipeline gates rather than bolt-on checks.
• Lead the security of our own agentic systems: defend against prompt injection, tool/MCP abuse, data exfiltration, excessive agency, and supply-chain risk in line with frameworks such as the OWASP Top 10 for LLM Applications and MITRE ATLAS.
• Drive proactive vulnerability management: remediate HIGH and CRITICAL CVEs across platform infrastructure and container images in line with contractual and compliance commitments, and automate the toil out of it.
• Partner with engineering teams to harden Azure Kubernetes Service (AKS) workloads, identity and access (Keycloak, Azure AD, Managed Identities, workload identity), network segmentation, and secrets management.
• Contribute security evidence and controls to compliance programs (SOC 2, ISO 27001, Cyber Insurance), and automate evidence collection and continuous control monitoring with agentic tooling.
• Define and maintain security runbooks, detection logic, and incident response procedures, and build the agents that execute and accelerate them.
• Act as the security skill set within the platform team raising the bar through code review, pairing, and sharing pragmatic, developer-friendly guidance.
• Contribute to improving the Agentic Operating Model through development of security-focused agent skills, prompts, and tooling that other teams can reuse.

Technical Focus Areas

• Application security fundamentals: secure SDLC, threat modeling, OWASP Top 10, secure code review, and remediation across multiple languages and stacks.
• Agentic and AI security: securing LLM- and agent-based systems (prompt injection, tool/MCP security, sandboxing, guardrails), plus building autonomous agents that perform security work. OWASP Top 10 for LLMs and MITRE ATLAS a strong asset.
• DevSecOps and pipeline security with Azure DevOps: SAST, SCA, DAST, secrets and IaC scanning, SBOM generation, container signing and attestation, and pipeline access controls.
• Security scanning and tooling: Mend (SCA/SAST), Azure Defender for Cloud, and MDR/SOC platforms.
• Hands-on with modern agentic and AI-security tooling: agentic coding and security assistants (e.g. Claude Code with custom agent skills and MCP), AI-assisted code analysis and autofix (e.g. Semgrep, Snyk / DeepCode AI, GitHub Copilot Autofix / CodeQL), LLM and agent red-teaming (e.g. garak, Microsoft PyRIT, Promptfoo), and runtime guardrails and model supply-chain protection (e.g. Lakera Guard, NVIDIA NeMo Guardrails, Protect AI).
• Cloud-native security on Azure Kubernetes Service (AKS): RBAC, network policies, admission controllers (e.g. Kyverno), workload identity, and cluster hardening.
• Identity and access management: Keycloak, Azure Active Directory, Managed Identities, and secrets management (e.g. CSI secrets driver, Key Vault).
• Infrastructure-as-code: Bicep or Terraform for security configuration, policy-as-code, and drift management.
• Compliance frameworks and automated evidence collection: SOC 2, ISO 27001, and Cyber Insurance requirements.
• Scripting and automation (e.g. Python, PowerShell, or C#) to build security tooling and orchestrate agents.

Qualifications

Area of specialization: Application Security & DevSecOps – Agentic Defense

About you

• You think proactively: you anticipate how systems will be attacked and build defenses ahead of the threat, rather than waiting to respond.
• You are a do-er, not just an advisor: you implement the fixes yourself and measure success by what ships and what is provably more secure, not by recommendations handed to someone else.
• You demonstrate strong ownership of technical outcomes and a commitment to quality.
• You apply sound engineering judgment when making design and implementation decisions, balancing security rigor with developer velocity.
• You communicate clearly and effectively with both technical and non-technical stakeholders.
• You continuously develop technical and domain expertise in application security, cloud security, and the rapidly evolving field of agentic/AI security.
• You collaborate effectively within cross-functional, outcome-oriented teams.
• You leverage AI to accelerate projects and improve overall quality of output, and you are excited to push the frontier of what agentic defense can do.

Additional Information

What We’re Offering

• Salary Range: $117,000 CAD - $167,000 CAD
• Permanent, Full-time

Use of Artificial Intelligence in Recruitment
As part of our recruitment process, we may use automated tools, including artificial intelligence, to help screen and assess applications based on job‑related criteria such as skills, experience, and

qualifications

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.