Job Title

Overview Beem Credit Union: Banking for every journey Beem is redefining what it means to be a credit union. With 80 years of cooperative history and a bold vision for the future, weve united to create a financial partner that offers both digital ease and people-first service. Our mission is clear: financial wellness for all. We help British Columbians achieve their goals through personalized advice, innovative technology, and genuine human connection. As one of BCs largest credit unions, we serve over 200,000 members across 66 branches with $18 billion in assets under administration . If youre passionate about making a difference and want to join a team that values collaboration, innovation, and purpose, join us on the journey. Learn more: www.beemcreditunion.ca What this role is all about The Senior Application Security Specialist will strengthen Beem''''s security posture across applications, APIs, and cloud-native platforms by driving secure design, advanced application security testing, and modern vulnerability management practices. This role requires deep expertise in secure coding practices, threat modeling, application security tooling, and cloud security principles to ensure Beem''''s digital products are built and operated with engineering-first, financial-grade rigor. As a key partner to engineering, product, and platform teams, you will develop, coach, and embed secure-by-design principles throughout the SDLC for both in-house and externally developed solutions. You will conduct hands-on security reviews and lead the integration of automated security controls across the organization. You will also play a critical role in maturing Beem Credit Union''''s containerization efforts and security posture - enhancing runtime observability and controls at various layers, developing production-ready application security automations in code, and implementing practical solutions across hybrid environments. You will provide guidance, training, and contributions to security governance frameworks, partnering with internal teams to drive measurable improvements in product and platform outcomes. This role is open to hybrid working arrangements within British Columbia. What youll do Application Security & Secure-by-Design Lead shift-left strategy by embedding security expectations, controls, and testing earlier in the SDLC-driving measurable reductions in defects and rework. Define and maintain Beems secure-by-design standards for applications, APIs, and microservices, ensuring engineering teams consistently adopt secure coding and architecture patterns. Establish a repeatable, scalable threat modeling practice and operationalize it across product and engineering teams to identify risks early and guide design decisions. Partner with Enterprise architecture and product teams to shape application designs, ensuring security requirements, abuse cases, and mitigation strategies are built into both waterfall and agile delivery teams from the outset. Provide security guidance on API security, authentication flows, authorization patterns, data handling, and privilege boundaries, influencing the long-term direction of digital product development. Application Security Testing & Vulnerability Management Own the operating model for application security testingmanual assessments, SAST, DAST, SCA, API testing, and code reviewsensuring repeatable, scalable processes across teams. Drive the vulnerability lifecycle from discovery to remediation, applying strong judgment to risk ranking, exception handling, and cross-team prioritization. Coordinate internal and external penetration testing activities, ensuring findings translate into actionable, timely improvements. Design and optimize CI/CD-integrated security scanning workflows to shorten detection time and improve developer experience. Build automation that removes operational friction in security testing, monitoring, and control enforcementimproving scale and reducing manual dependencies. Evaluate, select, and operationalize new security technologies, ensuring tools integrate cleanly with development workflows and provide measurable risk reduction. Drive continuous improvement of the AppSec tooling ecosystem and align tool usage to the annual operational plan. Security Consulting & Governance Act as the organizations senior expert and trusted advisor on secure coding, application architecture, API security, and risk reduction strategies. Lead the creation and evolution of security standards, development guidelines, and governance frameworks, translating strategic direction into practical controls. Provide mentorship and technical leadership to engineering teams, elevating their security capability and reinforcing secure design as an engineering norm. AI Security Lead the development of secure-by-design controls for AI-enabled applications, including LLM integrations, model APIs, RAG pipelines, and automated decisioning systems. Establish governance and technical guardrails for safe AI adoptioncovering data handling, prompt injection resistance, output validation, model access controls, and monitoring for abuse. Partner with product, engineering, and data science teams to conduct threat modeling specific to AI/ML workflows and identify attack surfaces such as model poisoning, data leakage, and adversarial prompts. Define and operationalize testing patterns for AI features, including red-teaming, safety testing, and security evaluations of third-party AI services or embedded models. Contribute to enterprise AI governance frameworks by providing expert insight on secure architecture, risk assessments, and the lifecycle management of AI systems. Evaluate emerging AI-security tools and techniques and integrate them into development pipelines where they enhance safety, integrity, or compliance. Cloud & Infrastructure Security Establish and maintain security baselines for cloud-native workloads (Azure, AWS), aligning operational standards with platform strategy and business needs. Partner with infrastructure and platform engineering to harden Kubernetes clusters, containerized environments, and supporting IaC patterns. Define and govern secure practices for secrets management, encryption standards, identity flows, and configuration hygiene across environments. What you''''ll bring 7+ years of experience in Application Security, DevSecOps, or Security Engineering, with expert depth in at least two major domains (e.g., AppSec testing, cloud security, Kubernetes security, or secure architecture). Strong hands-on experience with SAST, DAST, SCA, API security testing, manual review practices, and modern SDLC integration patterns. Deep understanding of OWASP Top 10, API Security Top 10, secure coding patterns, threat modeling methodologies, and common attack techniques. Proven experience securing workloads in AWS or Azure, with strong familiarity of cloud-native architectures and shared responsibility models. Advanced knowledge of cryptography concepts, PKI, certificate lifecycle management, and secrets handling. Practical experience with container ecosystems (Docker, Kubernetes) and IaC frameworks. Ability to collaborate cross-functionally, communicate effectively with technical and business teams, and influence security best practices. Agile mindset with a continuous improvement approach to enhance threat detection, response, and security governance. Your Total Rewards At Beem, we believe great work deserves great rewards. Thats why weve built a Total Rewards package thats more than competitiveits designed to help you shine. From your pay to your peace of mind, weve got your back. Compensation Annual salary range: $123,000 - $137,000 Your pay reflects the skills, experience, and unique strengths you bring. We review salaries every year. Performance and recognition Your success is Beems success. We reward great performance through recognition and, where applicable, performance bonuses tied to shared goals. Health and wellness We''''re invested in your well-being Extended health coverage, including mental health support. Dental care that keeps you smiling. Disability coverage for peace of mind. Time away: Rest isnt extraits essential Take the time you need to relax, explore, or just catch up on life, with vacation and personal days. Retirement and financial well-being Your future self will thank you. Generous RRSP contributions. In-house financial advice to help you plan ahead. Flexible options to add your own contributions. Beem member perks Little extras that make a big difference. Free banking accounts. Special mortgage and lending rates. Preferred financial perks. The bottom line Your Total Rewards arent just a packagetheyre a reflection of our values. We build together by celebrating success, own it by investing in your growth, and keep things welcoming by making sure you feel supported at work, at home, and wherever your journey takes you. At Beem we are BOLD and Always Welcoming and our values are at the forefront of everything we do! Build Together: You are a team player who thrives on collaboration, sparks ideas, and fosters inclusivity. Own It: You are ready to take charge, drive change, and deliver outstanding results. Lead with Agility: You are a dynamic, adaptable thinker who thrives on challenge and innovation. Driven by Curiosity: You are eager to explore, learn, and shape the future. Ready to join? Visit us at www.beemcreditunion.ca to learn more about what its like to work for Beem Credit Union! We sincerely thank all applicants for their interest; however, only shortlisted candidates will be contacted for an interview. We at Beem Credit Union are committed to ensuring inclusive employment practices and an accessible business environment for our employees. We do not discriminate based on any protected attribute covered by the Human Rights Code and encourage all qualied candidates to apply. We are committed to a fair and equitable hiring process for all candidates. All applications are reviewed by a member of our team. Beem Credit Union serves communities across many traditional Territories and Treaty areas in British Columbia. We are grateful to live and work on this land and are committed to reconciliation, decolonization, and building strong, connected relationships. #J-18808-Ljbffr