Application Security Architect Prin

Job Expired

Job Description

Posted Thursday, June 22, 2023

Ceridian is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region.

Our brand promise – Makes Work Life Better™ – is the commitment we make to our employees, our customers and their employees, our partners, and to the communities we operate in around the world. As the pace of change accelerates, our modern technologies help our customers adapt, evolve, and win in today’s borderless, flexible, and skills-based work world.

Dayforce is Ceridian’s award-winning cloud HCM platform. Its single solution, single database, and single continuous calculation engine helps customers achieve increased efficiencies, productivity, and best-in-class compliance. Dayforce is the people platform for the global workforce.

Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States or Canada.

About the opportunity

The Ceridian Product Security team is responsible for the code-level security of Ceridian products. We enhance product security via finding, fixing, and preventing security flaws across the Ceridian family of products, including Dayforce, Dayforce Wallet, and others. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams.
As such, we are looking for an Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. Our ideal candidate will be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of Ceridian products.

What you’ll get to do

  • Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
  • As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
  • Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
  • Conduct penetration testing using open source and commercial tools
  • Develop scripts and tooling to “shift-left” common security tasks enabling DevSecOps
  • Engage development teams in security feature reviews and threat modeling
  • Contribute to a secure/compliant cloud-native service catalog
  • Collaborate with engineering and operations teams to implement and automate security controls and processes for cloud-native security monitoring, tooling, and reporting
  • Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.

What’s in it for you

  • Encouragement to be the best version of yourself at and away from work:
  • YOUnity diversity and inclusion programs
  • Amazing time away from work programs
  • Support for your total well-being through our Live Well, Work Well programs targeting all aspects of your life
  • Recognition for your contributions through excellent pay, perks, and rewards
  • Giving where you’re living: volunteer days, Ceridian sponsored events, and our very own charity, Ceridian Cares
  • Opportunities to fuel your career growth through numerous internal and external programs and events

Skills and experience we value

  • Bachelor’s Degree in Computer Science or equivalent experience
  • 7+ years experience in software development
  • 3+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding
  • Experience in Threat Modeling using STRIDE, PASTA, or similar
  • Experience with open-source (e.g., Kali Linux) and commercial penetration testing tools
  • Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
  • Expertise with Azure security services as well as Docker/Kubernetes
  • Minimum 1 year of experience with active compliant environments, e.g., PCI-DSS, HITRUST, FEDRAMP, ISO 27001, or similarly regulated industries.

What would make you really stand out

  • One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
  • Background in automated program analysis
  • Experience with .NET and C#
  • DevOps experience with infrastructure, cloud and application pipelines
  • Experience running operational teams

Ceridian is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We provide our employees with comprehensive benefits for various life circumstances and needs, great opportunities for career development, and a balanced lifestyle to achieve personal and professional success. We encourage all individuals to apply for positions that fit their passions.

We thank all applicants in advance for their interest in this position; however, only those selected for an interview will be contacted.

About the Salary Ranges 

Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization.
The range provided is in Canadian Dollars.

Fraudulent Recruiting

Beware of fraudulent recruiting activity! If you are contacted by a Ceridian Recruiter or other Ceridian employee, you will be provided with an @ceridian.com email. If you are contacted by someone who uses any other email domain, despite their use of our company logo or company name in their social media handle/profile, the contact could be fraudulent. Please also note, Ceridian will not request or send money and/or a check at any time during the recruiting or hiring process, ask you to order any equipment or supplies, or ask for any sensitive personal data, such as National ID numbers, via email or phone. Sensitive personal data is only collected post-hire, via new hire forms directly in Dayforce. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Ceridian employee, please refer to our fraudulent recruiting statement found here: https://www.ceridian.com/company/corporate/be-aware-recruiting-fraud.

Req #16360
