ApplicationSecurityAutomationEngineer

Application Deadline: 06/29/2026 Address: 100 King Street West Job Family Group: Technology **Hybrid work model - 2 days/week in office** The Application Security Automation Engineer reports to the Senior Manager of automated security testing team and supports security testing activities for BMO applications. This role is responsible for leading and maturing the bank’s static application security testing (SAST) capabilities and partnering with application teams to reduce risk through secure coding practices, actionable findings, and integrated controls across the SDLC. Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs. Participates in the execution of information security strategy. **Application Security Testing** * Lead end-to-end SAST operations, including intake/scoping, onboarding, configuration, execution, triage, and reporting across diverse technology stacks. * Tune scan tools to reduce false positives and improve signal quality; provide secure code review and root-cause analysis support to development teams. * Contribute to other testing programs (SCA, DAST) and integration into CI/CD workflows as needed to support scan readiness, coverage validation, and triage of results. * Evaluate and adopt AI-assisted capabilities in security scanning/testing tools to improve triage speed, consistency, and remediation guidance. * Assess the security implications of LLM-enabled features on application threat models and emerging risks, e.g. supply chain integrity, prompt-driven workflows, RAG pipelines. * Identify gaps through risk-based assessments; recommend corrective actions for vulnerabilities and weaknesses; and support planning, tracking, and risk acceptance processes in alignment with regulatory expectations. **What you need to succeed:** * Bachelor's Degree in a relevant discipline (Computer Science, Engineering, Math, Cyber Security) * Typically 5-7 years of