British Columbia Investment Management Corporation (BCI) offers an exceptional opportunity to work at a world‑class organization while living in a west coast setting. With $295.0 billion of gross assets under management, as of March 31, 2025, British Columbia Investment Management Corporation (BCI) is the provider of investment management services for British Columbia’s public sector and one of the largest asset managers in Canada. BCI seeks investment opportunities around the world and across a range of asset classes that convert savings into productive capital. Our investment returns play a significant role in helping our institutional clients build a financially secure future for their beneficiaries.

BCI’s Cyber Security team is looking for a specialized Application Security Engineer to embed alongside development teams and help secure the software BCI builds, from design through deployment. Based in Vancouver or Victoria, this role sits at the intersection of software engineering and security, requiring deep hands‑on experience with application security practices including AI assisted development.

THE OPPORTUNITY

Reporting to the Senior Manager, Cyber Security Product & Innovation, the Security Engineer is responsible for ensuring all software solutions built by BCI conform to best practices for writing secure software. The Security Engineer will be instrumental in developing security requirements and designing and implementing security solutions.

The Security Engineer collaborates and communicates with business and technology teams in an Agile hybrid environment and enables the effective and efficient delivery of secure, quality products.

WHAT YOU BRING

Bachelor’s degree in Technology, Engineering, Computer Science, or a related field
A minimum of 5 years of experience in progressively senior technical roles with responsibility focused on information security processes, products, and projects
Very strong knowledge in engineering secure systems
Experience with securing cloud environments (MS Azure)
Must have excellent documentation, customer‑service, listening, communication and problem‑solving skills
Must be able to implement programs, security technologies and solutions to measure and sustain the security posture of large, complex environments
Experience with Agile methods (Scrum) and DevOps practices is an asset
Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Information Security Manager (CISM) or equivalent experience is essential

TECHNICAL SKILLS REQUIREMENTS

Must have some combination of strong hands‑on experience with at minimum 4 or 5 of the following skills or technologies:

Identity and access management systems for hybrid environments
Secure coding practices
Ethical vulnerability research and threat modeling
Windows, UNIX, and Linux operating systems security, virtualization technology security, container security and serverless computing security
Privileged access management systems for hybrid environments
EDR and/or other endpoint protection technologies
Data Classification and DLP solutions
Enterprise vulnerability management, including vulnerability assessment, remediation, and reporting
Phishing and social engineering

WHAT YOU WILL DO

Development of new and innovative ways to solve existing production security issues as well as evaluate new technologies and processes that enhance security capabilities
Develops technical security requirements for new products, tools and services envisioned for implementation at BCI
Collaborates and coordinates with application, operations, and product teams to provide guidance on the development of secure product designs that meet security requirements
Ability to communicate complex security issues and develop security user stories in language that non‑technical stakeholders can understand
Ability to respond to information security issues at each stage of a project’s lifecycle
Proactively identifies risks and issues and proposes solutions to remove barriers
Undertakes special projects or assignments as required
Ability to document designs as well as produce technical reports in support of security initiatives

Application Security:

Consults on designs, implementations, and maintenance of DevSecOps pipelines that integrate security testing (SAST, DAST, SCA) into CI/CD workflows
Works with DevSecOps to develop and maintain secure coding standards, guidelines, and training materials for development teams
Conducts application security assessments, threat modeling sessions, and architecture reviews for new and existing applications
Champions security culture by embedding into Agile development teams as a security subject matter expert
Triages and prioritizes application security vulnerabilities, working with development teams on remediation strategies
Develops and maintains security testing automation to enable continuous assurance of application security posture
Monitors emerging application security threats, vulnerabilities, and attack techniques to proactively address risks
Experience with application security testing tools including Static analysis/SAST, Dynamic analysis/DAST, IAST, and Software Composition Analysis (SCA)
Knowledge of secure API design, authentication patterns (OAuth 2.0, OpenID Connect), and API gateway security
Experience with Infrastructure as Code (IaC) security scanning (Terraform, ARM templates, CloudFormation)
Knowledge of AI/ML application security considerations, including prompt injection prevention and model security
Professional certifications such as GWAPT, GWEB, CSSLP, CEH, OSWE, or equivalent experience is an asset
Leads and completes security risk reviews on software, SaaS, third party and written code
Monitors emerging AI and ML security threats, vulnerabilities and attack techniques and proposes new solutions to emergent risks in these areas
Performs other related duties as required

WHERE YOU WILL WORK

There is a strong preference for Victoria, BC; however, we will consider Vancouver, BC for the right candidate, with the expectation of occasional travel to Victoria. We are an in‑person collaborative organization with the flexibility to work remotely one day a week.

SALARY RANGE

The annualized base salary range for this Victoria or Vancouver based role is CAD $125,000 to $150,000.

Security Engineer, Application Security
BCI
victoria, victoria