Senior Cyber Security Specialist - Application Security

Requisition ID:  171742 

Career Group:  Corporate Office Careers 

Job Category:  IT Cyber Security Technology & Ops 

Travel Requirements:  0 - 10%

Job Type:  Full-Time


Country: Canada (CA) 

Province: Ontario; Alberta; British Columbia; Nova Scotia  

City: Mississauga / Calgary / Vancouver / Stellarton

Location: Tahoe Office, Calgary Office, King St. Office, Vancouver Office 

Postal Code: T2E 7V8 


Our family of 134,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.  


A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1500 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawton’s Drug Stores or another of our great banners but we are all one extended family. 


All career opportunities will be open a minimum of 5 business days from the date of posting.


We are a growing Canadian company and market leader in grocery and pharmacy nationally and in communities across the country, with an opportunity to impact more than 20 banners and 1500 stores. Our family of over 134,000 teammates and franchise affiliates are on a mission to nurture the things that make life better – great experiences, families, communities, and our teammates. 

Ready to make an Impact? 

We’re expanding our Cyber Security team as we embark on a five-year transformation to bring our Security capabilities to the next level. Watch our Director of Cyber Security, Angela Mathies, discuss our exciting work and why she chose Sobeys:

You are a builder, influencer, and change agent

In this exciting role, your main responsibilities and/or function within the Cyber Security Operations team will be to possess the technical acumen to successfully execute threat modeling & related tools, DevSecOPS integration, and expert knowledge in SAST / DAST tooling/processes/procedures.  This means that you will have intimate knowledge and experience regarding the software development life cycle (SDLC) and integration of application security into the DevOps pipeline. This will account for at least 50% of your day-to-day activities / responsibilities.

In addition to the above, you will be working alongside a team of high performing, 24x7 on-call Cyber Security Operations professionals who are skilled and knowledgeable regarding all facets of Cyber Security and technology. You will be performing investigative research, analysis and troubleshooting to identify, resolve, and report complex Cyber Security related issues and/or incidents. This includes carrying out risk analysis and evaluating mitigation strategies for Cyber Security vulnerabilities all while conducting threat simulations to detect possible risks and provide recommendations. Additionally, you will have the skills to investigate and troubleshoot various security platforms (but not limited to) firewalls, identity platforms and endpoint detection & response (EDR).

Lastly, you are skilled at understanding and following written risk and compliance policies / procedures to provide proper guidance to the business and our stakeholders.


Sobeys Inc. is investing big in technology – Join us and invest in your future

We are on a journey to completely transform how we do business, and we offer a hybrid work model with the opportunity for additional flexibility. 

Join us and you’ll be working with:

    • Excited about developing cyber security requirements into multi-year, complex programs / projects to ensure security is embedded at the onset of any project
    • Take pride in your ability to protect complex technology ecosystems from increasingly sophisticated threats
    • Are confident in your ability to learn new technologies and easily adapt to a constantly evolving threat risk environment


This is an outstanding opportunity to join a leading Canadian company with a clear vision of their future in Cyber Security.  Are you ready to be part of this success story? #cyberatsobeys #DigitalatSobeys #LI-Hybrid


What you bring to the table:   

•    Expert in all facets of application security including: SAST/DAST testing, threat modeling and working with the development team/s on the remediation plans of known vulnerabilities
•    Expert in the continuous monitoring and improvement of an organization's security posture while preventing, detecting, analyzing and remediation of Cyber Security incidents
•    Experienced in supporting the evolution of a Cyber Security Operations program through continuous updates to Cyber-related documentation including incident playbooks, policies, standards, procedures, and guidelines
•    Technical expertise working in multi-cloud (Azure, GCP etc.) security environments
•    Ability to understand emerging Cyber Security threats and risks to our cloud and on-prem environments and develop solutions to mitigate
•    Excellent communication skills, analytical thinking skills and ability to work in a fast-paced environment
•    Enjoys working in collaboration with our internal Cyber Security teams to constantly improve and evolve our Cyber Security Operations program to be best of breed
•    Ensure all Cloud and Cyber Security technologies are integrated into our SIEM and advise on the development of new use cases or provide updates to existing use cases

What you have to offer: 


•    An undergraduate degree or diploma in computer science, engineering, or related technical discipline
•    4-5+ years of industry experience working in Cybersecurity operations
•    4-5+ years troubleshooting various Cybersecurity platforms (firewalls, IGA, PAM, EDR...etc.)
•    3+ years of experience with SAST and DAST, DevSecOps and SDLC

Nice To Have:

•    CCSP, CISA, CISSP, CISM, or similar industry certification, is preferred
•    Experience creating scripts (ie. Python) to automate manual processes
•    Knowledge working in a complex retail technology environment, is desired
•    1+ year securing multi-cloud (Azure, GCP…etc.) environments
•    Familiarity providing Cyber operations sustainment criteria and provide input as part of large-scale business-related projects

Sobeys is committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.



While all responses are appreciated only those being considered for interviews will be acknowledged.


We appreciate the interest from the Staffing industry however respectfully request no calls or unsolicited resumes from Agencies.