Lead Security Developer

Lead Security Developer

• Pay Rate: $ 88.24 TO $110.29/hour, depending on experience
• Contract Length: 3 Months
• Location: Calgary, Alberta

Raise is currently hiring a Lead Security Developer on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client is a market leading financial institution

Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.

Description

The developer in this role will help to safeguard the confidentiality and integrity of our clients digital assets by designing, building, and defending scalable, secure, and robust systems. They will lead Security Architecture Reviews and provide authoritative guidance on complex identity flows like OIDC, OAuth 2.0, and JWT implementation, ensuring "Security-by-Design" is integrated from inception to sunset. They will integrate and strengthen 's defense posture by engineering and automating application security testing (SAST/DAST/SCA) within CI/CD pipelines to identify vulnerabilities at scale. They will also serve as a key technical expert for teams across CXT by assisting development and product teams with vulnerability remediation and security control implementation best practices. Furthermore, they will design and build new automation tools and features, such as scalable 'Security-as-Code' suites to verify control effectiveness and executive dashboards to provide a real-time, risk-based view of the application security posture. Finally, they will operationalize STRIDE-based Threat Modeling and lead "Security Champion" programs to influence organizational security culture and enforce secure coding standards.

Responsibilities            

• Design, develop, and architect scalable security features and identity adapters, ensuring Security-by-Design is baked into the product lifecycle from inception to sunset.
• Engineer and automate application security testing (SAST/DAST/SCA) within CI/CD pipelines to identify vulnerabilities at scale, rather than just performing manual scans.
• Lead Security Architecture Reviews for complex client identity flows, providing authoritative guidance on OIDC, OAuth 2.0, and JWT implementation and vulnerability remediation.
• Define the standardized security control library for the organization and verify the effectiveness of these controls through automated validation.
• Review application architecture from a security perspective and provide technical guidance on vulnerability remediation.
• Assist departments in assessing, selecting, implementing, and verifying the effectiveness of security controls.
• Engineer and deploy of Automated Security Validation (ASV) frameworks that programmatically exploit identified vulnerabilities.
• Design scalable 'Security-as-Code' suites to verify control effectiveness across the enterprise CI/CD pipelines, providing automated, evidence-based risk reporting to stakeholders
• Operationalize Threat Modeling across the engineering org by establishing STRIDE-based standards and mentoring junior developers to lead their own sessions.
• Influence organizational security culture by developing secure coding standards and leading "Security Champion" programs.
• Design and oversee the development of security telemetry pipelines and executive dashboards that provide a real-time, risk-based view of the application security posture.

Top Skills:

• Custom Code Gating and Automation: Automatically scan code for vulnerabilities before it's deployed, stopping risky code instantly and giving developers immediate, helpful feedback.
• AI Vulnerability Remediation and Visibility: Use new AI tools to quickly find and fix security issues, drastically reducing the manual effort from our development teams across CXT.
• Complete Software Inventory (SBOM): Create an automated, comprehensive list of all software components we use to quickly identify and manage risk from new vulnerabilities or license issues.
• Secure Development Assurance: Focuses on maturing foundational initiatives like the AppSec portal, security champions program, and targeted developer training to cultivate a proactive security culture and streamline critical processes.

Qualifications

• Identity & Access Management (IAM) Expertise – hands-on experience designing and defending complex flows using OIDC, OAuth 2.0, and JWT, ability to architect "Security-by-Design" features rather than just implementing basic login screens.
• DevSecOps & Pipeline Automation – ability to engineer and automate security testing—specifically SAST, DAST, and SCA—directly into CI/CD pipelines. Custom Code Gating experience building systems that automatically block vulnerable code from being deployed.
• Security-as-Code & Framework Engineering – developing Automated Security Validation (ASV) frameworks that programmatically exploit vulnerabilities and creating Security-as-Code suites. Experience in generating Software Bill of Materials (SBOM) to manage third-party risk
• Threat Modeling & Risk Assessment – ability to operationalize security at the design phase. This includes leading Security Architecture Reviews and utilizing STRIDE-based Threat Modeling. Provide authoritative guidance on vulnerability remediation and control implementation
• AI-Driven Remediation & Telemetry – experience leveraging AI tools for vulnerability remediation to reduce manual effort for development teams, capable of designing security telemetry pipelines and executive dashboards that translate technical risks into real-time, risk-based performance metrics for stakeholders.
• Security Leadership & Culture – experience with leading a Security Champions program and establishing secure coding standards. Ability to mentor junior developers and advocate for a proactive security culture across different departments.

Education and Certifications

• Bachelor’s Degree in Computer Science, Software Engineering, Information Technology, or a related field
• Additional Information, In lieu of a degree, candidates with significant specialized experience (7+ years) and a strong portfolio of security-focused engineering projects (e.g., open-source security tools) may be considered.
• Certifications (nice to have ) CISSP, CSSLP, CSSLP, AWS Certified Security – Specialty or Azure Security Engineer Associate

Additional Information

A requirement for candidates to be considered for this role will be to complete a criminal and credit check (including Canadian Credit Risk Score)

Looking for meaningful work? We can help!

Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.

We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.

We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/

In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com.

#WES

#LI-SC1