Application Security Lead - ON/BC - Full Time

Date: Jul 5, 2021

Location: Toronto, ON, CA

Company: LifeLabs

About Us

At LifeLabs, we are focused on our vision of empowering a healthier you! We are the largest community diagnostics laboratory in Canada, with over 350 collection centres and 16 laboratories, and we service over 20 million patients each year.

Agile, Customer-centred, Caring, Teamwork - We live our values every day in what we do to help our patients and healthcare providers.  With over 6,000 employees, we all make a difference and that’s why our people are so important to us.  

This is an exciting time to join our LifeLabs team, grow your career with us and support numerous business initiatives, innovations, best practice and business development opportunities.

Reporting to the Sr. Manager, Security Operations, the Application Security Lead is responsible for the strategic, technical, and operational direction of the application security team and assesses, defines, implements, participates in and supports DevSecOps programs.


Accountability: Leadership

• Understand and apply internal governance, policies and procedures to enhance and mature the existing program to better achieve internal objectives and requirements.

• Manage new projects and initiatives related to application security as needs arise.

• Manage the application security threat modeling process and coordinate application threat models against the Organization’s applications.

• Support periodic compliance reviews with mandated regulatory and requirements.

• Manage and update Key Performance Indicators (KPIs) for AppSec.

• Educate team members and all engineers on application security standards and best practices, establishing regular educational activities, recommending and attending appropriate training and conferences.

• Drive adoption of new DevSecOps tools and practices.

• Provide regular updates to department and company leadership on our platform security posture. Ensure cross-department collaboration and coordination of security efforts.


Accountability: Application Security Development

• Contribute to/participate in the design and implementation of DevSecOps platforms, which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures.

• Participate in the assessment, architecture, design and implementation of DevSecOps practices and solutions needed to build and operate security in the cloud.

• Participate in functional and technical initiation activities to incorporate effective threat modeling, security standards and best practices into system design.


Accountability: Stakeholder and Vendor Management

• Govern and manage vendor relationships with providers and provide oversight and direction.

• Collaborate and engage between the business and technology functions to strengthen and enhance business continuity and resiliency capability.

• Maintain relationships with key stakeholders across varying business functions.

• Liaise with the customer relations team responsible for addressing external requests related to AppSec.

• Drive operational resilience, crisis management, and risk management strategies across the enterprise.

• Support the ongoing management and improvement of application security techniques in alignment with industry best practice.



• Level of Education:  Bachelor’s degree (preferred with Masters) or equivalent in Math, Computer Science, Engineering, Software Engineering, and/or Cybersecurity

• 5+ years of experience working in Application Security

• 5+ years of experience working on cloud deployments 

• 3+ years of hands-on experience with DevOps CI/CD tools such as Git, Jenkins, Ant/Maven/Gradle, etc.


Preferred to have one or more of the following relevant certifications: 

• Certified Information Systems Security Professional (CISSP)

• Certified Secure Software Lifecycle Professional (CSSLP)

• Certified Application Security Engineer (CASE)

• Certified Ethical Hacker (CEH)

• Certified DevSecOps Professional / Expert (CDP / CDE)



• Cloud Certification (Practitioner, Security, Developer, Architect) completed or in progress for higher levels

• Experience with at least one of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure

• Software application development experience, preferably Web application development

• Experience with Agile and/or DevOps methodologies

• Experience performing application security assessments such as threat modeling, security testing, and vulnerability management and remediation

• Software security frameworks and maturity models (BSIMM, OpenSAMM, etc.) 

• Bonus – Exposure to one or more of the following technologies: cloud computing, application containers such as Docker or OpenShift, Infrastructure-as-Code, microservices, identity and access management, secrets management such as HashiCorp Vault

• Degree/experience requirements: A Bachelor of Science in a technical concentration (Math, Engineering, Computer Science, Cyber Security) is preferred, but candidates with non-technical degrees or without degrees will be considered by demonstrating sufficient relevant experience in Information


LifeLabs is committed to building an inclusive environment and will provide accommodations in accordance with the AODA – Accessibility for Ontarians with Disabilities Act. Please indicate in your application any accommodations you will require throughout the recruitment process. Alternatively, please contact our corporate office's main line at (416) 675-4530 to be directed to a member of the Talent Acquisition team.

