Title: Senior Application Security Engineer
Requisition ID: 258939
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
The Senior Application Security Engineer is responsible for providing technical leadership across application security engineering, supporting secure software delivery through industry leading SDLC practices, tooling, and automation. This role focuses on the design, integration, and continuous improvement of enterprise application security capabilities, including secure CI/CD integrations, vulnerability detection, and remediation workflows.
The role contributes to the overall success of the Application Security Product & Engineering function by ensuring security tooling, processes, and integrations effectively protect the Bank and its customers from application layer threats. All activities are executed in compliance with regulatory requirements, internal policies, and risk management standards.
What You’ll Do:
Technical Leadership
- Provide technical leadership and guidance in a team environment spanning multiple geographies to support Application Security toolsets, taking responsibility for their effectiveness, reliability, and outcomes.
- Lead design, integration, and implementation of enterprise application security tooling (e.g., SAST, DAST, SCA, SBOM, API security, secrets detection).
- Make technical prioritization and trade-off decisions across application security tooling, balancing risk, scalability, developer experience, and operational efficiency.
- Apply analytical and troubleshooting expertise, with a strong ability to guide, mentor, and train others to investigate complex system integration problems. As a consultant and expert, show problem ownership, patience, understanding, and empathy for the difficulty of hunting for problems in other teams' software and architecture.
Secure SDLC & DevSecOps Enablement
- Support integration of application security controls and tooling into DevOps pipelines and developer workflows across diverse deployment environments to enable secure-by-design and secure-by-default software delivery.
- Define and implement SDLC processes and best practices used across engineering and security DevOps teams.
- Support AppSec SLAs, using DevOps skill sets to design solutions and resolve issues across the application stack.
Automation, Self-service & Continuous Improvement
- Innovate and automate to reduce manual processes used to support security toolsets.
- Influence an engineering culture of self-service tools that improve the developer experience through low-code solutions.
- Contribute to the adoption of SDLC best practices and enterprise tooling to be used by all engineers.
- Drive continuous improvement by contributing to the creation, collection, and reporting of KPIs, identifying efficiencies, and assisting the team in their deliverables.
Risk, Governance & Controls
- Understand how the Bank’s risk appetite and risk culture should be considered in day‑to‑day activities and decisions.
- Actively pursue effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk.
Stakeholder Collaboration & Delivery
- Work across teams including engineering, external vendors, and technology teams to meet application security tooling roadmaps, and maintain security compliance and software currency within the tools and infrastructure.
- Champion a customer-focused support team culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
- Contribute to a high-performance and inclusive work environment.
What You'll Bring:
- 5+ years of experience leading and mentoring DevSecOps engineering teams within Agile and modern Software Development Life Cycle (SDLC) environments.
- 5+ years of domain expertise in Application Security (AppSec), including hands-on experience deploying and managing enterprise vendor security platforms (such as SCA, SBOM, SAST, DAST, MAST, API Security, and CNAPP).
- 5+ years of hands-on experience with containerization and orchestration technologies, specifically Docker and Kubernetes (k8s), including cluster architecture, performance tuning, and optimizing container workloads. Infrastructure as Code (IaC) experience preferred.
- 5+ years of robust cloud infrastructure (such as Azure, GCP, AWS) and system administration experience across Linux and Windows ecosystems, with deep knowledge of network troubleshooting, firewalls, routing, and proxy configurations.
- 5+ years of software development and scripting experience (such as Python, PowerShell, Bash, Java, C#, or .NET), with a strong focus on building, integrating, and consuming APIs across diverse architectures.
- 5+ years of systems architecture and engineering experience designing and troubleshooting CI/CD pipelines (such as Jenkins, BitBucket, Azure DevOps, GitHub Actions). Strong proficiency with software build tools (such as Maven, Gradle) and package managers (such as npm).
- 5+ years of experience authoring, reviewing, and maintaining comprehensive technical documentation and architectural designs for complex, enterprise-scale platforms and solutions.
- Exceptional analytical and problem-solving abilities, paired with strong organizational, time-management, and cross-team communication skills.
Working Conditions
Work in standard office-based environments located in Scarborough and Downtown Toronto; non-standard hours are a common occurrence. No external travel required.
Interested?
If your experience is closely related but doesn’t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank!
At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are, and embraced for their differences. That’s why we work to grow and diversify talent and engage employees in a performance-oriented culture.
What's in it for you?
- Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
- Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove, and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
- Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
- Competitive Rewards program including bonus, flexible vacation, personal and sick days, and benefits that start on day one.
- Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs.
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.