Senior Application Security Consultant – Google Mandiant – Remote, Canada
Mandiant, part of Google Cloud, is seeking a Senior Application Security Consultant to join its elite proactive security services team — and this role is fully remote across Canada, with eligibility in Ontario, Alberta, British Columbia, and Quebec. If you’re passionate about offensive security, web application assessments, and staying one step ahead of sophisticated threat actors, this is an exceptional opportunity to work with one of the world’s most respected names in cybersecurity.
In this role, you’ll help clients prepare for, mitigate, and respond to advanced cyber threats. From conducting external network penetration tests and mobile application assessments to developing detailed reports for executive stakeholders, every day brings a new challenge. You’ll also contribute to the team’s growth through tool development, threat research, and knowledge sharing — making a real impact on how organizations defend themselves against today’s most sophisticated adversaries.
About the Role: Senior Application Security Consultant
As a Senior Application Security Consultant on the Mandiant proactive services team, you will lead and execute high-quality web application security assessments, external penetration tests, cloud assessments, and mobile application testing. You’ll leverage cutting-edge attacker tactics, techniques, and procedures to simulate real-world threats and provide clients with actionable, technically rigorous findings. Your work will directly shape how organizations across various industries understand and reduce their cyber risk exposure.
This position also carries a strong communication and leadership component. You’ll be expected to present complex cybersecurity findings to audiences ranging from technical staff to C-suite executives and legal counsel. Working alongside cross-functional teams, you’ll serve as a trusted technical advocate for information security requirements and help clients navigate both technically complex incidents and proactive security improvements. Travel of up to 20% may be required.
Benefits and Salary
The Canadian base salary range for this full-time position is CAD $152,000–$156,000, plus bonus, equity, and a comprehensive benefits package. Google’s total compensation philosophy reflects role, level, and location, with individual pay determined by experience, skills, and relevant education. Learn more about the full Google benefits package at Google’s official careers page.
Job Details
📌 Job Type: Full-Time
🏢 Company: Google (Mandiant)
📍 Location: Remote — Ontario, Alberta, British Columbia, or Quebec, Canada
💰 Pay: CAD $152,000–$156,000 base salary + bonus + equity + benefits
⏱️ Schedule: Full-time; up to 20% travel required
Responsibilities
This role is as technically demanding as it is rewarding. You’ll be conducting hands-on security assessments while also contributing to the broader team’s capabilities — from research and tool creation to internal knowledge sharing. Here’s what your day-to-day looks like:
- Conduct high-quality external network and web application security assessments independently, with an active role in cloud and mobile application testing
- Develop comprehensive, accurate reports and presentations tailored for both technical and executive audiences
- Recognize and safely utilize attacker tactics, techniques, and procedures to simulate real-world threats
- Communicate findings and remediation strategies to client stakeholders including technical staff, executive leadership, and legal counsel
- Expand team capabilities through tool creation, offensive technique research, and integration of threat actor intelligence
- Lead complex engagements alongside cross-functional teams, serving as a trusted technical advocate
- Travel up to 20% of the time as client needs require
Requirements / Skills
Mandiant is looking for a security professional who brings deep offensive security expertise combined with the communication skills to translate complex findings into clear, actionable guidance. The ideal candidate has a strong foundation in application security and thrives in dynamic, client-facing environments.
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related technical field — or equivalent practical experience
- 5+ years of experience with techniques and tools used for web application security assessments or mobile security assessments
- Experience in four or more of the following areas: application security, offensive security testing, application development, source code review, exploit development, network protocols, or system/network administration
- Offensive security certifications are a strong asset — OSWE, BSCP, CWEE, OSCP, or relevant SANS courses preferred
- 5 years of experience assessing and developing cybersecurity solutions across multiple security domains (preferred)
- Bug bounty program experience (2+ years preferred), along with a background in security consulting or software/web development
How to Apply
Ready to bring your application security expertise to one of the most respected cybersecurity teams in the world? Apply directly through Google’s official careers portal using the link below. Make sure your application reflects your hands-on experience with penetration testing, security assessments, and any relevant certifications.
Share This Opportunity
Know someone who might be interested? Share this job posting and help them join Google Mandiant in this exciting remote role across Canada.
Job Summary & Tips for Applying
Quick Summary & What to Highlight: This Senior Application Security Consultant role at Google Mandiant in Canada (Remote) is perfect for candidates who excel in web application security assessments, offensive security testing, and client communication. On your resume, emphasize any hands-on experience with penetration testing tools and frameworks, source code review, and cloud or mobile application assessments. If you’ve previously worked in security consulting or a red team environment, highlight specific engagements, methodologies used, and measurable outcomes that align with this position.
Resume & Application Tips: Before applying, tailor your resume to match the job description. Include keywords like application security, offensive security, and web application assessment that appear throughout the posting. Quantify your achievements where possible (e.g., “conducted 30+ web application penetration tests annually” or “identified critical vulnerabilities across 15 client environments”). Write a brief cover letter expressing your genuine interest in Google Mandiant and why you’re excited about contributing to their proactive security services team in Canada. Double-check your application for spelling errors and ensure your contact information and any relevant certifications (OSWE, OSCP, BSCP) are prominently listed.
Interview Preparation: If selected for an interview, research Google Mandiant‘s history, recent threat intelligence reports, and their position within Google Cloud‘s security portfolio. Prepare specific examples using the STAR method (Situation, Task, Action, Result) to demonstrate your offensive security and consulting skills. Common questions may include scenarios about handling complex client engagements, communicating technical findings to executives, and adapting to evolving threat landscapes. Dress professionally for a virtual interview, be prepared to discuss specific tools and techniques you use in assessments, and bring thoughtful questions about the team’s research focus and growth opportunities. After the interview, send a thank-you email within 24 hours reiterating your enthusiasm for the role.