Information Security Specialist - Application Security

Apply now »

Date: Apr 28, 2026

Location: Hybrid - Canada, CA Dartmouth, NS (Hybrid), CA Montreal, QC (Hybrid), CA Kitchener, ON (Hybrid), CA Moncton, NB (Hybrid), CA North York - Toronto, ON (Hybr, CA Vancouver, BC (Hybrid), CA Calgary, AB (Hybrid), CA Edmonton, AB (Hybrid), CA Wawanesa, MB (Hybrid), CA

Company: Wawanesa Insurance

 

Job ID: 9997 


Employment Type: Existing Role 

Working Business Language: English. This role is considered a head-office role and will be required to communicate with internal and external stakeholders across Canada where the primary business language for this role is English. As such, the successful candidate must be fully proficient in English.  
 

Salary: At Wawanesa, salary is only one component of a holistic, comprehensive and competitive offering that we provide to our employees. In addition to salary, full-time and part-time permanent employees are eligible for an annual bonus plan, leave of absence top-up programs and provided with generous vacation time, personal days, premium free benefits and pension plan. 
 

The salary offered for this role is determined with consideration to various factors, including but not limited to: your work location, local labour market conditions, external market salary data, internal pay equity and the knowledge, skills, experience and anticipated proficiency in the role. The salary offered is estimated to be within the following range: $110,000 - $130,000. Candidates with salary expectations outside of the range are still encouraged to apply.

 

About Us
At Wawanesa, we offer a hybrid work environment that offers flexibility to our employees in balancing in-office (2 days per week OR 15 hours per week in a Wawanesa office) and remote work. You may work from any of the following locations: Winnipeg, MB; Wawanesa, MB; Vancouver, BC; Calgary, AB; Edmonton, AB; Lethbridge, AB; Toronto (North York), ON; Kitchener, ON; Ottawa, ON; Montreal, QC; Quebec City, QC, Moncton, NB; Dartmouth; NS. 
 

The Wawanesa Mutual Insurance Company (“Wawanesa Mutual”), founded in 1896, is one of Canada’s largest mutual insurers, with over $3.5 billion in annual revenue and assets of $10 billion (CAD). Wawanesa Mutual, with its National Headquarters in Winnipeg, is the parent company of Wawanesa Life, which provides life insurance products and services throughout Canada, and Western Financial Group, which distributes personal and business insurance across Canada. Wawanesa proudly serves more than 1.7 million members in Canada, and we are home to more than 3,300 employees distributed across the Canadian regions and communities where we operate. We give back to organizations that strengthen communities, donating more than $3.5 million annually to charitable organizations, including over $2 million annually in support of people on the front lines of climate change. We are also proud to be recognized as one of Manitoba’s Top Employers. To learn more visit wawanesa.com. 


We are currently looking for dedicated, driven, and enthusiastic individuals who thrive in an environment that welcomes change and are looking for an opportunity for diverse experience and advancement on a growing team.
 

Job Overview

The Information Security Specialist – Application Security role will contribute to Wawanesa’s success by helping to deliver application security services to our enterprise client groups. This role will ensure that Wawanesa’s internal Application and Development teams have the ability to deliver secure products to the organization. 

 

Job Responsibilities

  • Perform evaluations of client systems, web applications, APIs and their supporting networks to discover vulnerabilities
  • Configure, run, and monitor automated security testing tools
  • Review and assess automated security reports
  • Thoroughly document exploit chain/proof of concept scenarios for internal client consumption
  • Assist clients with the design, implementation, and/or monitor security measures for the protection of web applications
  • Identify, define, and/or implement system security requirements for external and internal facing web applications and systems
  • Assist with vulnerability risk assessments
  • Follow established practices and processes
  • Perform role in cyber incident response as required
  • Generate reports based on test findings.
  • Perform other duties as assigned.

Qualifications

  • Bachelor’s degree in computer science, an analytical discipline or equivalent experience
  • 3+ year of web application security testing experience
  • Knowledge of Secure Development best practices
  • Knowledge of Web application vulnerabilities and security considerations
  • Working knowledge of industry standard technical security controls
  • Familiarity with vulnerability assessment and penetration best practices
  • Experience working with Agile software development teams
  • Experience working with secure software development lifecycles
  • Experience with the following:
    • Vulnerability and penetration testing techniques and tools
    • Burp Suite
    • Working with markup, scripting, and programming languages such as HTML, XML, JavaScript, PHP, Python, Bash, C#, Java, and .NET
  • Possess or working towards one of the following certifications:
    • GIAC Penetration Tester (GPEN)
    • GIAC Web Application Penetration Tester (GWAPT)
    • GIAC Certified Incident Handler (GCIH)
    • Offensive Security Certified Expert (OSCE)
    • Offensive Security Certified Professional (OSCP)
    • GIAC Certified Web Application Defender (GWEB)
  • Must have an ability to communicate effectively, both verbally and in writing, to interact effectively with internal teams (such as developers, project team members, and management) to build relationships and use facilitation skills with both technical and non-technical personnel.
  • Knowledge of OWASP top 10
  • Knowledge of OWASP AI top 10
  • Knowledge of SonarQube
  • Knowledge of SAST and DAST tools
  • Ability to work independently and within a team
  • Knowledge of and experience in the insurance industry is considered an asset


Diversity Equity, Inclusion & Belonging

At Wawanesa, we are committed to Diversity, Equity, Inclusion and Belonging (DEIB) and believe that our strength lies in the diversity of our people – this is supported by having a representative workforce.

We welcome applications from all qualified candidates, including racialized persons, women, Indigenous Peoples, persons with disabilities, members of the 2SLGBTQIA+ community, gender-diverse and neurodiverse individuals, and anyone who can contribute to the further diversification of thought and ideas. 
 

We aim to ensure our recruitment process is accessible to all candidates. If you require accommodations during any stage of the recruitment process, please reach out in confidence to jobs@wawanesa.com.
 

All Wawanesa job applicants are subject to Wawanesa's Privacy Policy.

Please note that the recruitment process for this position may involve the use of AI tools to screen, assess, or select applicants. All final decisions are taken or reviewed by human recruiters and human hiring leaders in compliance with all applicable legislation.