Application Security Specialist


We let employees choose between a 4 or 4.5 day work week. We are currently in a pilot stage

Only considering candidates eligible to work in Canada ⚠️

It's our time to scale. It's your time to be part of something big.

Tulip's mission is bold. We're a team of experts who have worked with and for retailers over the past 20 years. We are driven to disrupt an entire industry and enable one of the world's largest job markets.

Tulip has built a retail mobile software platform that empowers leading retailers such as Mulberry, Chanel, Saks Fifth Avenue, Kate Spade, Coach, and Michael Kors to give mobile devices to their store associates so they can elevate service, sell more and provide a personalized experience.

Tulip is a place you come to make an impact, working with like-minded people to build something meaningful using the best technology. We are growing, and while lean is great, we need more people, energy, innovation and talent.

As an Application Security Specialist, you will be planning, implementing and monitoring information security measures designed to measure and protect our information infrastructure. You will be communicating with developers to identify vulnerabilities. Your goal will be to keep us deploying our applications safely and to proactively find and fix problems before they become an issue.

Our security tools include LogRhythm SIEM; AWS CloudWatch Logs; AWS CloudTrail; Google Cloud Platform; osquery; Falco; SonarQube; Rapid7 Insight; BurpSuite, OWASP ZAP. We support a diverse stack including PHP, MySQL, Go, React, Docker, Kubernetes and more

What you’ll do:

  • You will be an information resource for application security for developers - helping them architect and design systems and identify, remove and test vulnerabilities through manual and automated systems
  • You will operate our static and dynamic application scanning systems
  • You will interact with our external pentesters and respond to their reports
  • You will take charge of specific projects to improve monitoring and security systems, seeing them through to completion
  • You will work with our Cloud Platform DevOps team to improve
  • You will run threat modeling sessions with developers and product owners
  • You will participate in incident response and post-mortems

What you bring:

  • 4-6 years of experience in Information Security and Secure Software Development
  • Strong development knowledge - you must be able to talk the language of developers and be able to help them grow their security knowledge
  • Security architecture fundamentals and best practices experience - identity, authentication, authorization, mobile application security
  • Strong technical security knowledge - the OWASP Top Ten; dynamic and static vulnerability scanning; monitoring and alerting; Linux; Apache; nginx; MySQL; Kubernetes; Docker; BurpSuite
  • Knowledge of best practices, including security incident handling best practices, application security “shift left” mentality, threat modeling, and secure software development lifecycle practices


  • Experience with Amazon Web Services and Google Cloud Platform is an asset
  • Experience with Terraform is an asset
  • Security certifications (CISSP, OSCP, etc) are an asset

Tulip has perks, career progress, and an intimate culture. We have:

  • Embraced remote culture! Work remotely, permanently, and full-time.
  • Ability for employees in many roles to choose to work a 4½ or 4-day week.
  • A “workcation” benefit that’ll let you work reduced hours in order to extend your vacations
  • An excellent healthcare plan with no wait time, paid parental leave, and corporate gym rates.
  • A culture of openness and idea generation. We have weekly all-hands and quarterly town halls. We pride ourselves on our transparency and keeping it real. From the most senior to the newest team member, we give you access to decision makers and career-building work.
  • The opportunity to grow and apply new skills be it hands-on or leadership. We prioritize diversity, inclusion, and building a community. We're a little weird but in a good way.

Why we are awesome.

Tulip is hungry and humble. When you join Tulip, you'll be part of a strong, thriving, diverse group of people who come from different disciplines, countries, and experiences. We do what we love and it shows in our unrelenting pursuit of affecting real change. We believe in investing in our people, building positive relationships with our customers, and treating our work like our craft.

Tulip is at the cutting edge of technology. We work with big-name retailers. It's a chance to step up to solving complex technical problems and develop a deeper understanding of the retail world while being part of a niche startup style company. We don't fear failure; we embrace challenges. We're excited about taking the lesser known paths, using the open source tools and keeping up with the pace of evolving tech solutions. It's fun, it's fast, and it's future-focused.

Tulip gives back. Inspired, passionate, and committed people helped make us the successful company we are today. We challenge norms and put people before profits. We believe we can build a great company that changes the technical space while simultaneously giving back to society and the community.

Join us.

Feel like you can't tick all the boxes? If you have some of the skills and experience that we're looking for and are willing to use your talent to learn the rest, we encourage you to apply.

Tulip Retail is strongly committed to equal opportunities in employment. We welcome applications from all minority group members, women, Aboriginal persons, persons with disabilities, members of sexual minority groups, and others who may contribute to the further diversification of Tulip Retail.

Tulip Retail welcomes and encourages applications from people with disabilities. Accommodations are available by request for candidates taking part in all aspects of the selection process.

We are a mobile retail platform built to power the connected store.

Working Week

We let employees choose between a 4 or 4.5 day work week. We are currently in a pilot stage

  • Mon
  • Tue
  • Wed
  • Thu
  • 🏖️

Our Vacation Policy

We have 5 weeks holiday per year in addition to statutory holidays

  • 31 days
  • 52 Fridays
  • 83 days off per year

Remote Working Policy

Tulip employees have the freedom to work remotely, permanently, and full-time from anywhere in the world. We’ve embraced the remote work culture. Work from where you want as long as it works for the Team and our Customers.

  • Canada
  • United States
  • UK
  • Brazil

Company Benefits

  • Health insurance
  • 401(k) company contribution
  • Flexible working hours
  • Generous parental leave
  • Equipment allowance

Our Team

We're a team of 220 across 18 departments:

  • engineering
  • arts and design
  • support
  • information technology
  • sales
  • finance
  • marketing
  • consulting
  • +10 more teams

Desirable Skills and Experience

  • PHP
  • MySQL
  • Go
  • React
  • Information Security
  • Secure Software Development
  • Security Architecture
  • Vulnerability Scanning
  • Monitoring and Alerting
  • Linux
  • Apache
  • nginx
  • Kubernetes
  • Docker
  • BurpSuite
  • Security Incident Handling
  • Threat Modeling
  • SDLC

View more Engineering jobs

Share this job:

Report incorrect data

Let us know if the job has expired