Maplesoft Group is currently seeking a Senior Application Security Engineer for our Federal Government client.
Tasks and Responsibilities include, but are not limited to, the following:
Security Strategy & Risk Management
• Define and own the security strategy for the Project, ensuring alignment with enterprise security policies.
• Perform threat modeling to identify potential risks and recommend mitigation strategies.
• Establish security requirements and policies, mapping them to specific product features and development initiatives.
• Monitor and track security requirements implementation across different teams, ensuring compliance with security best practices.
• Work closely with Risk & Compliance teams to ensure all security and privacy requirements are met.
Security Advisory & Development Support
• Act as the security point of contact (PoC) for different agile squads (Pods), ensuring security tasks are incorporated into sprint planning.
• Engage in planning ceremonies to support teams in identifying required security controls and non-functional security requirements (NFRs).
• Help engineering teams fix vulnerabilities and implement security best practices, including secure coding, identity & access management, and secure API design.
• Map which NFRs should be implemented for different product features and ensure they are enforced.
• Provide guidance on Role-Based Access Control (RBAC), secure authentication (OAuth, Entra ID), data protection, and encryption policies.
Security Monitoring, Incident Response & Governance
• Monitor security events to detect anomalies and handle incident response in collaboration with the Security Operations team.
• Conduct threat and risk assessments (TRA) for key features and releases, ensuring vulnerabilities are identified and addressed early.
• Define and track security metrics to measure compliance and report security status to leadership.
• Support and guide the implementation of security policies, ensuring alignment with corporate and industry security frameworks.
Security Testing & Compliance
• Conduct and review automated security scans (SAST/DAST/SCA) & penetration tests to detect vulnerabilities.
• Work with Infrastructure & Cloud Security teams to identify and remediate security risks.
• Ensure security and compliance testing is integrated into CI/CD pipelines (DevSecOps).
• Validate secure deployment practices in cloud environments (Azure), ensuring workloads are protected.
• Work with different stakeholders (lenders, banks, product owner, etc.) to collect, refine and implement security requirements.
Key Qualifications
Required Skills & Experience
• 7+ years of experience in security advisory, application security, or cloud security roles.
• Strong expertise in threat modeling, risk assessments, and security architecture.
• Experience implementing security controls in DevSecOps, CI/CD pipelines, and cloud environments (Azure).
• Deep knowledge of SAST, DAST, SCA, container security, API security, and penetration testing.
• Familiarity with security governance and compliance standards (ISO 27001, NIST, SOC 2, GDPR, etc.).
• Ability to define and track security requirements, NFRs, and risk mitigation plans.
• Strong understanding of identity and access management (IAM), RBAC, OAuth, Entra ID (Azure AD).
• Hands-on experience with secure coding best practices, OWASP Top 10, and application security frameworks.
• Ability to work cross-functionally with engineering teams, product managers, and compliance stakeholders.
Preferred Skills
• Certifications: CISSP, CISM, CEH, or Azure Security-related certifications.
• Experience with SIEM tools, security automation, and incident response frameworks.
• Knowledge of zero-trust security models and microservices security.
Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people. Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.
Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors.
All employment decisions are made based on business needs, job requirements, and individual qualifications.
We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.
We thank you for your interest in Maplesoft Group and wish to advise you that only candidates under consideration will be contacted.