Application Security Architect Prin

Ceridian is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region.

Our brand promise – Makes Work Life Better™ – is the commitment we make to our employees, our customers and their employees, our partners, and to the communities we operate in around the world. As the pace of change accelerates, our modern technologies help our customers adapt, evolve, and win in today’s borderless, flexible, and skills-based work world.

Dayforce is Ceridian’s award-winning cloud HCM platform. Its single solution, single database, and single continuous calculation engine helps customers achieve increased efficiencies, productivity, and best-in-class compliance. Dayforce is the people platform for the global workforce.

Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States or Canada.

About the opportunity
The Ceridian Product Security team is responsible for the code-level security of Ceridian products. We enhance product security via finding, fixing, and preventing security flaws across the Ceridian family of products, including Dayforce, Dayforce Wallet, and others. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams.
As such, we are looking for an Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. Our ideal candidate will be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of Ceridian products.

What you’ll get to do

• Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
• As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
• Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
• Conduct penetration testing using open source and commercial tools
• Develop scripts and tooling to “shift-left” common security tasks enabling DevSecOps
• Engage development teams in security feature reviews and threat modeling
• Contribute to a secure/compliant cloud-native service catalog
• Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting
• Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.

What’s in it for you

• Encouragement to be the best version of yourself at and away from work:
• YOUnity diversity and inclusion programs
• Amazing time away from work programs
• Support for your total well-being through our Live Well, Work Well programs targeting all aspects of your life
• Recognition for your contributions through excellent pay, perks, and rewards
• Giving where you’re living: volunteer days, Ceridian sponsored events, and our very own charity, Ceridian Cares
• Opportunities to fuel your career growth through numerous internal and external programs and events

Skills and experience we value

• Bachelor’s Degree in Computer Science or equivalent experience
• 7+ years experience in software development
• 3+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding
• Experience in Threat Modeling using STRIDE, PASTA, or similar
• Experience with open-source (e.g.Kali Linux) and commercial penetration testing tools
• Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
• Expertise with Azure security services as well as Docker/Kubernetes
• Minimum 1 year of experience with active compliant environments, egPCI-DSS, HITRUST, FEDRAMP, ISO 27001, or similarly regulated industries.

What would make you really stand out

• One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
• Background in automated program analysis
• Experience with .NET and C#
• DevOps experience with infrastructure, cloud and application pipelines
• Experience running operational teams

#LI-Remote