Senior Application Security Engineer

Montreal /
Technology – Information Security /
Upgrade is a fintech unicorn backed by a top 10 global bank and other leading fintech investors. Founded in 2017, Upgrade has already delivered $4 billion in consumer credit and achieved $125 million in annual revenue run rate and cash profitability.

Upgrade is building a neobank offering exceptional value to mainstream consumers, including affordable and responsible credit through cards and loans. In 4 short years 10 million people have already applied for an Upgrade Card or loan.

Upgrade has been named a “Best Place to Work in the Bay Area” by the San Francisco Business Times and Silicon Valley Business Journal 3 years in a row, and received “Best Company for Women” and “Best Company for Diversity” awards from Comparably.

We are looking for new team members who get excited about designing and implementing new and better products to join a team of over 400 talented and passionate professionals. Come join us if you like to tackle big problems and make a meaningful difference in people's lives.


    • Evaluation of security technology. methodology, and tools to better the software development life cycle.
    • Help train developers, and QA personnel to the appropriate level of software security knowledge to perform their responsibilities.
    • Improving and supporting application security tool services including static analysis, dynamic testing, software composition analysis tools.
    • Supporting incident response and architecture review processes whenever application security expertise is needed.
    • Managing routine penetration testing services, including both expert consulting and managed services.
    • Providing manual penetration testing and standards gap analysis services to internal business and technology partners.
    • Supporting, Improving and maintaining secure development standards and application security framework projects.
    • Supporting Vendor Management activities to ensure 3rd party software and development meet security standards.
    • Integrating threat modeling practices into the product development life cycle.
    • Providing security requirements for test driven design to assess control effectiveness.
    • Producing metrics reporting the state of application security programs and performance of development teams against requirements.


    • 5+ years of relevant work experience.
    • Experience with agile development processes and have experience integrating secure development practices into the model.
    • Experience writing and testing web applications, mobile applications and microservices.
    • Familiarity with graphQL architecture and security best practices.
    • Basic understanding of authentication and authorization schemes including OAuth.
    • Familiarity with a variety of development and testing tools.
    • Experience working with one or more SAST, DAST, SCA and IAST tools.
    • Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques.
    • Experience with cyber security attacks and mitigation methods (red/blue team experience).
    • Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection.
    • Expertise in employing analytics and threat intelligence techniques, Incident response process; Software security.
    • Basic familiarity with python for security tool automation would be a plus.
    • IT supply-chain risk management and assurance; cloud security operations.


    • Competitive salary and stock option plan. 
    • 100% paid coverage of medical, dental and vision insurance. 
    • Unlimited vacation. 
    • Learning stipend for personal growth and development. 
    • Paid parental leave.  
    • Downtown office location near Square Victoria.  
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.