Job Title


App Security Specialist


Company : Cognizant


Location : Toronto, Ontario


Created : 2025-12-17


Job Type : Full Time


Job Description

Job Title - App Security Specialist
Location - Hybrid - Toronto.

Job Summary

6-9 years total experience in software development and DevOps, with at least 2 - 3 years hands-on security exposure (secure coding, pipeline security, API security, threat modeling).

Must Have Skills

- DevSecOps - 7-9 years
- Gen AI Security - 10+

Responsibilities

- Secure API development - Design and develop RESTful APIs and integrations with strong authentication, authorization, and data protection measures.
- Work with PostgreSQL and other RDBMS to query, optimize, and secure data structures against injection attacks, data leakage, and unauthorized access.
- Contribute to system architecture with Security by Design, including threat modeling and secure design reviews at the planning stage.
- Write scripts to automate security scans, compliance checks, and reduce manual effort in security monitoring and deployment workflows.
- Proficiency in Python, JavaScript, Java, or Go with a focus on secure coding standards (e.g., OWASP Top 10 mitigation).
- Implement CI/CD pipelines with integrated SAST, DAST, dependency scanning, and secrets management for secure deployments.
- Deep application of secure coding frameworks, vulnerability prevention, and industry best practices (OWASP, SANS).
- Strong problem-solving and debugging skills for both functional and security-related issues in dev, test, and prod environments.
- Collaborate closely with developers, operations, and security teams to embed a culture of security across all cross-functional work.

Primary Skills

- Secure coding (OWASP Top 10, SANS CWE)
- API security (OAuth2, JWT, input validation)
- CI/CD security integration (SAST, DAST, dependency scanning)
- Programming in Python, JavaScript, Java, or Go
- PostgreSQL database security
- Threat modeling & secure architecture reviews
- Security automation scripting

Good to Have

- Cloud security (AWS/GCP/Azure)
- Container security (Docker/K8s, image scanning)
- IaC security (Terraform, Ansible)
- Security compliance (SOC 2, ISO 27001)