Application Security Consultant – Google (Mandiant) – Ontario, BC
Mandiant, part of Google Cloud, is looking for an Application Security Consultant to join its proactive services team — a role open to candidates located remotely in Ontario, Alberta, or British Columbia. This is a chance to work alongside some of the most respected minds in cybersecurity, helping organizations around the world stay ahead of sophisticated threats.
In this role, you’ll be conducting web application security assessments, external penetration testing, and mobile application testing while also contributing to the team’s growth through tool development, research, and knowledge sharing. You’ll work directly with client stakeholders — from technical staff to executive leadership — translating complex security findings into clear, actionable guidance.
About the Role: Application Security Consultant
As an Application Security Consultant with Mandiant’s proactive services team, you’ll be at the forefront of helping clients understand and reduce their exposure to real-world cyber threats. Your day-to-day work will involve assessing client networks, web applications, and devices by emulating the latest attacker tactics and techniques. You’ll also provide forensic analysis, threat hunting, and malware triage support for clients navigating complex, high-profile incidents.
This position requires strong collaboration skills and the ability to lead technically complex engagements with cross-functional teams. You’ll present findings and security strategy to a variety of audiences — from legal counsel to C-suite executives — while serving as the technical advocate for information security requirements. Mandiant’s unique position as a leader in threat intelligence and incident response means you’ll be working with some of the most sophisticated security data available in the industry.
Benefits and Salary
The base salary range for this full-time position in Canada is CAD $134,000–$137,000, plus bonus, equity, and benefits. Individual pay is determined by work location and factors including job-related skills, experience, and relevant education or training. Google offers a comprehensive benefits package — visit Google’s benefits page to learn more about what’s included.
Job Details
📌 Job Type: Full-Time
🏢 Company: Google (Mandiant)
📍 Location: Remote — Ontario, Alberta, or British Columbia, Canada
⏱️ Schedule: Full-time, with travel up to 20%
💰 Pay: CAD $134,000–$137,000 base salary + bonus + equity + benefits
Responsibilities
The Application Security Consultant role is hands-on and client-facing. You’ll independently execute high-quality security assessments while contributing to the broader team’s capabilities. Here’s a breakdown of what you can expect to be doing:
- Conduct high-quality external network and web application assessments independently, taking an active role in cloud and mobile application testing
- Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences
- Recognize and apply attacker tactics, techniques, and procedures safely and responsibly during engagements
- Communicate findings and security strategy to client stakeholders, including technical staff, executive leadership, and legal counsel
- Expand team capabilities through tool creation, research on offensive techniques, and incorporation of threat actor intelligence
- Present internally and contribute to knowledge sharing across the proactive services team
- Travel up to 20% of the time as required by client engagements
Requirements / Skills
Mandiant is looking for a candidate with a solid technical foundation in application security and a track record of delivering quality assessments. The ideal person brings a mix of hands-on offensive security experience, strong communication skills, and a genuine curiosity for staying ahead of evolving threats.
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related technical field — or equivalent practical experience
- 3+ years of experience with techniques and tools used for web application security assessment or mobile security assessment
- Offensive security certifications such as OSWE, BSCP, CWEE, OSCP, or relevant SANS courses are strongly preferred
- 3+ years of experience assessing and developing cybersecurity solutions across multiple security domains (preferred)
- 2+ years of experience with bug bounty programs (preferred)
- Experience in four or more of the following areas: application security, offensive security testing, application development, source code review, exploit development, network protocols, or system and network administration
- Background in security consulting and/or software or web development is an asset
How to Apply
To apply for this Application Security Consultant position with Mandiant at Google, use the link below to access the official job posting. Have your up-to-date resume ready before submitting your application.
Share This Opportunity
Know someone who might be interested? Share this job posting and help them join Google (Mandiant) in a remote role across Canada.
Job Summary & Tips for Applying
Quick Summary & What to Highlight: This Application Security Consultant role at Google (Mandiant) is fully remote and available across Ontario, Alberta, and British Columbia. It’s a strong fit for candidates who excel in web application security assessment, offensive security testing, and client-facing communication. On your resume, emphasize any experience with penetration testing, source code review, or mobile application security, along with certifications like OSWE, OSCP, or BSCP that directly align with Mandiant’s preferred qualifications.
Resume & Application Tips: Before applying, tailor your resume to match the job description. Include keywords like web application security, penetration testing, and threat intelligence that appear throughout the posting. Quantify your achievements where possible (e.g., “conducted 20+ application security assessments annually” or “identified critical vulnerabilities in bug bounty programs resulting in CVE submissions”). A brief cover letter expressing your interest in Mandiant’s proactive services mission and your experience in the cybersecurity consulting space will strengthen your application. Double-check for spelling errors and ensure your contact information is current.
Interview Preparation: Research Mandiant‘s history, recent threat intelligence reports, and Google Cloud’s cybersecurity portfolio before your interview. Prepare specific examples using the STAR method to demonstrate your experience with offensive security assessments, client communication, and cross-functional collaboration. Common questions may cover scenarios involving handling high-profile incidents, communicating technical findings to non-technical executives, or applying attacker TTPs responsibly. Dress professionally for a virtual or in-person interview, arrive (or log on) a few minutes early, and bring or have ready a copy of your resume. Prepare thoughtful questions about Mandiant’s current research focus and team structure. Follow up with a thank-you email within 24 hours of your interview.