Senior Application Security Consultant – Google Mandiant – Ontario, BC, AB, QC
Mandiant, part of Google Cloud, is on the lookout for a Senior Application Security Consultant to join their elite proactive services team — and this role is fully remote eligible across Canada, including Ontario, Alberta, British Columbia, and Quebec. If you thrive in high-stakes cybersecurity environments and are passionate about staying ahead of adversaries, this could be your next career-defining move.
In this role, you’ll be at the front lines of web application security assessments, external penetration testing, and mobile application testing, all while helping clients proactively defend against sophisticated cyber threats. You’ll work alongside cross-functional teams, contribute to tool development, and share your expertise through research and internal knowledge-sharing — all in one of the most respected names in cybersecurity consulting.
About the Role: Senior Application Security Consultant
As a Senior Application Security Consultant at Mandiant, you’ll be responsible for helping clients prepare for, mitigate, and respond to cyber security threats. This encompasses a broad range of technical engagements — from navigating complex incidents and performing forensic analysis to emulating the latest attacker techniques during network and application assessments. You’ll also be a key voice in translating complex security concepts for both technical contributors and executive leadership.
Beyond client engagements, you’ll actively expand your team’s capabilities through offensive security tool creation, research into emerging attack techniques, and the incorporation of threat actor intelligence. Collaboration and mentorship are central to the role — you’ll be expected to drive progress and support more junior team members as the team grows.
Benefits and Salary
Google offers a competitive compensation package for this full-time senior position. The Canada base salary range is CAD $152,000–$156,000, in addition to bonus, equity, and a comprehensive benefits package. Google is well known for its outstanding employee benefits, which you can explore directly on their benefits page. This is a genuinely strong total compensation offering for a seasoned cybersecurity professional.
Job Details
📌 Job Type: Full-Time
🏢 Company: Google (Mandiant)
📍 Location: Remote — Ontario, Alberta, British Columbia, Quebec, Canada
💻 Work Model: Remote Eligible
💰 Pay: CAD $152,000 – $156,000 base salary + bonus + equity + benefits
✈️ Travel: Up to 20% as needed
Responsibilities
This role demands a hands-on approach to offensive security testing and client advisory. Day-to-day, you’ll be conducting technical security assessments, crafting detailed reports, and engaging stakeholders at every level — from developers to C-suite executives. Here’s a closer look at what you’ll be doing:
- Conduct high-quality external network and web application assessments independently, with an active role in cloud and mobile application testing
- Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences
- Recognize and apply attacker tactics, techniques, and procedures in a safe and controlled manner
- Communicate findings and strategic recommendations to client stakeholders, including technical staff, executive leadership, and legal counsel
- Expand the team’s capabilities through tool creation, research on offensive techniques, and incorporation of threat actor intelligence
- Share knowledge through internal presentations and mentoring of more junior team members
- Travel up to 20% of the time to support client engagements as needed
Requirements / Skills
The ideal candidate brings a strong foundation in application security and hands-on experience with offensive security methodologies. Mandiant values professionals who are curious, technically rigorous, and capable of communicating complex ideas clearly to diverse audiences. Here’s what you’ll need to succeed:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, a related technical field, or equivalent practical experience
- 5+ years of experience with techniques and tools used for web application security assessment or mobile security assessment
- 5 years of experience assessing and developing cybersecurity solutions across multiple security domains (preferred)
- Offensive security certifications such as OSWE, BSCP, CWEE, OSCP, or relevant SANS courses (preferred)
- 2 years of experience with bug bounty programs (preferred)
- Experience in four or more of the following: application security, offensive security testing, application development, source code review, exploit development, network protocols, or system and network administration (preferred)
- Background in security consulting and/or software or web development (preferred)
How to Apply
Ready to bring your application security expertise to one of the most respected cybersecurity teams in the world? Apply directly through Google’s official careers portal to be considered for this Senior Application Security Consultant position with Mandiant. Make sure your resume highlights your relevant security assessment experience and any certifications that showcase your offensive security capabilities.
Share This Opportunity
Know someone who might be interested? Share this job posting and help them join Google Mandiant in this exciting remote role across Canada.
Job Summary & Tips for Applying
Quick Summary & What to Highlight: This Senior Application Security Consultant role at Google Mandiant in Canada (remote) is perfect for candidates who excel in web application penetration testing, offensive security methodologies, and client-facing security consulting. On your resume, emphasize any experience with application security assessments, source code review, and mobile security testing, attention to detail, and your ability to work in a fast-paced, high-stakes cybersecurity environment. If you’ve previously worked in security consulting or red team operations, make sure to highlight specific engagements and measurable outcomes that align with this position.
Resume & Application Tips: Before applying, tailor your resume to match the job description. Include keywords like web application security assessment, offensive security testing, and threat actor intelligence that appear in the posting. Quantify your achievements where possible (e.g., “conducted 20+ web application security assessments annually” or “identified critical vulnerabilities across 15 client environments”). Write a brief cover letter expressing your genuine interest in Mandiant and why you’re excited about contributing to their proactive services team. Double-check your application for spelling errors and ensure your contact information is current — and list any relevant certifications like OSWE, OSCP, or SANS prominently.
Interview Preparation: If selected for an interview, research Google Mandiant‘s threat intelligence reports, recent cyber incident response cases, and their position within Google Cloud’s security portfolio. Prepare specific examples using the STAR method (Situation, Task, Action, Result) to demonstrate your technical assessment and communication skills. Common questions may include scenarios about handling complex client engagements, identifying novel attack vectors, and presenting findings to non-technical executives. Dress professionally for a cybersecurity consulting environment, be ready for a technical assessment component, and bring copies of your resume. Prepare thoughtful questions about the team’s current research focus, tooling, and growth paths within Mandiant. After the interview, send a thank-you email within 24 hours reiterating your enthusiasm for the role.