Application Security Analyst

For over 50 years, LifeLabs has been Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems, enabling patients and healthcare practitioners to diagnose, treat, monitor and prevent disease. We are passionate about empowering healthier Canadians through accessible, accurate, and innovative diagnostic services.

We are committed innovators, operating Canada's first commercial genetics lab, and the country's largest online patient portal, with more than 8 million Canadians receiving their results online. More than 112 million laboratorytests come through LifeLabs’ laboratories annually, and our team of more than 6,000 passionate, caring, and diverse professionals works together as one to provide high quality testing and results that Canadians can trust.

We know that behind every lab requisition, sample being tested, or investment in technology is an individual and their family counting on us. At LifeLabs, you can make a meaningful impact on Canadians’ lives every day.

Our teams are at the heart of everything we do. We are proud to be recognized as one of Canada’s Best Employers, reflecting our deep commitment to our core values of caring, agility, teamwork, and a customer-centered approach. As part of this commitment, LifeLabs prioritizes the ongoing development of our diversity, equity, and inclusion (DEI) program to better serve the needs of our diverse workforce and the communities we serve. We continue to take steps to challenge ourselves to act with courage and integrity, and to create an environment where people can be their true selves.

These values are not just words on a page, they guide our actions and decisions every day and have come to define our team culture.

Reports To: Manager, Threat and Vulnerability Management

Purpose of the Role:

We are seeking a skilled and motivated Application Security Analyst to join our TVM team. The Application Security Analyst is responsible for ensuring the security of our software applications throughout their lifecycle. You will work closely with development, DevOps, and IT teams to identify, assess, and mitigate security risks, participate in and support DevSecOps programs, ensuring that our applications are protected against potential threats and vulnerabilities. 

LifeLabs operates under a Hybrid workforce model. Further details will be provided during the interview stage.

 
Accountabilities:

• Conduct regular security assessments, including vulnerability scanning (SAST, SCA, DAST), and code reviews, to identify and mitigate security risks within applications
• Understand and apply internal governance, policies and procedures to enhance and mature the existing program to better achieve internal objectives and requirements
• Implement, manage, and maintain application security tools such as SAST, DAST, and Web Application Firewalls (WAFs). Automate security testing in CI/CD pipelines to ensure continuous security validation
• Integrate security practices into the SDLC by collaborating with software developers, DevOps, and IT teams. Provide guidance on secure coding practices and participate in design and code review sessions
• Maintain and update Key Performance Indicators (KPI’s) for AppSec
• Contribute to/participate in the design and implementation of DevSecOps platforms, which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures
• Identify, prioritize, and remediate application security vulnerabilities by working closely with development teams, ensuring that risks are addressed in a timely manner
• Assist in the investigation and response to security incidents related to applications. Analyze the root cause and recommend solutions to prevent future incidents
• Document security assessment results, vulnerabilities, and remediation efforts. Create and maintain detailed security reports for internal and external stakeholders
• Understand and apply internal governance, policies and procedures to enhance and mature the existing program to better achieve internal objectives and requirements
• Educate team members and all engineers on application security standards and best practices, establishing regular educational activities, recommending and attending appropriate training and conferences
• Collaborate and engage between the business and technology functions to strengthen and enhance business continuity, and resiliency capability
• Maintain relationships with key stakeholders across varying business functions
• Liaison with customer relation team responsible for addressing external requests related to Application Security
• Drive operational resilience, crisis management, and risk management strategies across the enterprise
• Support the ongoing management and improvement of application security techniques in alignment with industry best practice

Minimum Hiring Requirements:

• Bachelor’s degree (preferred with Masters) or equivalent in Math, Computer Science, Engineering, Software Engineering, and/or Cybersecurity
• 2 years of experience working in Application Security or a related security role, and proficiency in using application security related tools such as SAST, SCA, DAST, and WAFs tools
• 2 years of hands-on experience with DevSecOps practices and integrating security into CI/CD pipelines
• 2 years of software application development experience, preferably Web application development. Experience with programming languages such as C#, JavaScript, Python, Java
• Preferred to have one or more of the following relevant certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Application Security Engineer (CASE)
  • Certified Ethical Hacker (CEH)
  • Certified DevSecOps Professional / Expert (CDP / CDE)
• Experience with performing application security assessments such as security testing (SAST, SCA, DAST etc.), and vulnerability management and remediation
• Strong understanding of secure coding practices and common security vulnerabilities (e.g., OWASP Top Ten)
• Software security frameworks and maturity models (BSIMM, OpenSAMM, etc.)
• Knowledge of security protocols, cryptography, authentication, and authorization mechanisms
• Experience with Agile and/or DevOps methodologies
• Cloud Certification (Practitioner, Security, Developer, Architect) completed or in progress for higher levels
• Experience with at least one of the following: Microsoft Azure, Amazon Web Services, Google Cloud Platform
• Exposure to one or more of the following technologies: cloud computing, application containers such as Docker or OpenShift, Infrastructure-as-Code, microservices, identity and access management, secrets management such as Azure KeyVault, HashiCorp Vault etc.

#LI-AJ1

LifeLabs’ compensation programs are commensurate based on the role, skill, effort, responsibility and working conditions, irrespective of gender, race, ethnicity, beliefs, age or any other personal characteristics. Pay programs are communicated regularly in an accessible and transparent manner.

LifeLabs is also proud to offer resources, opportunities, as well as a collaborative and supportive environment that enables our team members to thrive.

In addition to a competitive compensation package, LifeLabs provides a comprehensive total rewards program, specific to the job position. Your package may include:
 

• Employee Group Benefits: Competitive coverage for employees and their families to support their overall health and wellness needs, including Extended Health Care, Dental Care, and Life Insurance.
• Retirement Savings Plan
• Vacation and Wellness Days
• Employee Wellness and Giving Programs: Our award winning mental, physical and financial wellness programs aim to address the comprehensive well-being of our team members, including resources like the Employee & Family Assistance Program, financial planning tools, and employee recognition initiatives.
• Professional development and membership reimbursement, access to preferred rates and discount programs, including WorkPerks, Home and Auto Insurance, Costco Membership, etc., and optional health-related benefits.

In accordance with LifeLabs’ Accessibility Policy, and the applicable Accessibility Acts within the provinces we operate in, accommodations are available by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email careers@lifelabs.com.

Vaccinations are highly encouraged at LifeLabs’. Vaccinations and/or immunization screening may be mandatory for selected employees if regulated by provincial or regional governments, or through employer-led vaccination policies in the facilities we service. Please ensure you ask if this position requires the successful candidate to be vaccinated or undergo immunization screening.

Ready to empower healthier Canadians? Apply today!