Implement and maintain static application security testing (SAST) using Semgrep across our repositories
Job Summary
Implement and maintain static application security testing (SAST) using Semgrep across our repositories.
Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged.
Document secure coding guidelines and help educate developers on security best practices.
Salary
Base: $133,000-$173,000 CAD/year
Bonus/Equity: additional bonus depending on the position ultimately offered
Benefits: full range of medical, financial, and/or other benefits
Skills & Requirements
Must-have
SAST with Semgrep
SCA with Dependabot
Secrets detection with TruffleHog
CI/CD integration with GitHub Actions
Vulnerability triage and remediation
Understanding of the OWASP Top 10
Nice-to-have
Security-first mindset
Practical engineering understanding
Awareness of AI coding tools
Awareness of software supply chain attacks
Developer education
Key Requirements
2+ years experience in application security
Hands-on experience with SAST, SCA, or secrets-scanning tools
Familiarity with CI/CD pipelines and GitHub Actions
Experience reading/reviewing code (Ruby, Python, JavaScript, Go preferred)