Specialist Application Security

  • Req ID: 73926
  • Department: Information Services
  • Job Type: Full-Time
  • Position Type: Non-Union
  • Location: Calgary, Alberta
  • Country: Canada
  • % of Travel: 0-10%
  • # of Positions: 1
  • Job Available to: Internal & External
  • Deadline to apply: 10/22/2019



Canadian Pacific is a transcontinental railway in Canada and the United States with direct links to major ports on the west and east coasts. CP provides North American customers a competitive rail service with access to key markets in every corner of the globe. CP is growing with its customers, offering a suite of freight transportation services, logistics solutions and supply chain expertise. Visit cpr.ca to see the rail advantages of CP. 




Canadian Pacific’s Cybersecurity team is seeking a passionate security professional to help us secure our applications and infrastructure systems. You will be responsible for conducting application and infrastructure vulnerability assessments, validating security vulnerability findings and providing advice to both application and infrastructure teams.



The successful candidate will perform the following activities:

  • Educate, evangelize and promote secure coding and software development practices with application teams.
  • Develop, implement and maintain security architecture, directives and standards for application security.
  • Analyze and assess various application security vulnerabilities.
  • Understand the root cause of security vulnerabilities to help teams fix them.
  • Administer and manage various application security and vulnerability management technologies including:
    • HP WebInspect
    • Veracode Application Security Platform.
  • Identify security-related gaps with existing and new applications.
  • Conduct security testing activities on existing and new applications.
  • Work with Enterprise Architecture and Application teams to secure existing and new applications.
  • Advise project and operational teams on good security practices.
  • Provide technical advice and assistance on general cybersecurity related matters.
  • Conduct research to maintain and expand knowledge on the latest cybersecurity technologies and standards.
  • Various other duties as required.




  • University degree or college diploma in an IT or Engineering related field.
  • 3+ years of cybersecurity experience.
  • 3+ years of general information technology experience in domains such as application development, networking or server administration.
  • Strong working knowledge around software development constructs.
  • Understanding of Linux or Windows operating systems, and security and networking concepts.
  • Good communication abilities with technical and non-technical audiences
  • Good analytical, investigative and problem solving mindset.
  • Must be team oriented and at the same able to work with limited supervision.
  • Preference will be given to candidates with some software development experience.




  • Flexible and competitive benefits package
  • Competitive company pension plan
  • Employee Share Purchase Plan
  • Performance Incentive Program 
  • Annual Fitness Subsidy




As an employer with national presence, the possibility does exist that the location of your position may be changed based on organizational requirements.


Background Investigation:

The successful candidate will need to successfully complete the following clearances:     

  • Criminal history check
  • Reference check


Management Conductor Program:

Becoming a qualified conductor or locomotive engineer is the single best way for a management employee to learn the business at CP. You may be required to obtain a certification or to maintain your current certification/qualification as a conductor or locomotive engineer.


CP is an equal opportunity employer committed to the principles of employment equity and inclusion. We welcome applications from all qualified individuals. All applicant information will be managed in accordance with the federal Personal Information Protection and Electronic Documents Act ("PIPEDA").