Application Security Automation Engineer

Posted:
5/21/2026, 1:50:12 AM

Location(s):
Toronto, Ontario, Canada ⋅ Ontario, Canada

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Application Deadline:

06/29/2026

Address:

100 King Street West

Job Family Group:

Technology

Other Skills:

  • Cybersecurity certification (CISSP, CSSLP, OSCP, GSEC, etc.) is an asset
  • Experience contributing to SOPs, reusable templates, or security testing playbooks.
  • Self-motivated with a positive attitude and an ability to work independently and in a team

The Application Security Automation Engineer reports to the Senior Manager of the automated security testing team and supports security testing activities for BMO applications. This role is responsible for leading and maturing the bank’s static application security testing (SAST) capabilities and partnering with application teams to reduce risk through secure coding practices, actionable findings, and integrated controls across the SDLC. Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs. Participates in the execution of information security strategy.

Application Security Testing

  • Lead end-to-end SAST operations, including intake/scoping, onboarding, configuration, execution, triage, and reporting across diverse technology stacks.
  • Tune scan tools to reduce false positives and improve signal quality; provide secure code review and root-cause analysis support to development teams.
  • Contribute to other testing programs (SCA, DAST) and integration into CI/CD workflows as needed to support scan readiness, coverage validation, and triage of results.
  • Evaluate and adopt AI-assisted capabilities in security scanning/testing tools to improve triage speed, consistency, and remediation guidance.
  • Assess the security implications of LLM-enabled features on application threat models and emerging risks, e.g. supply chain integrity, prompt-driven workflows, RAG pipelines.
  • Identify gaps through risk-based assessments; recommend corrective actions for vulnerabilities and weaknesses; and support planning, tracking, and risk acceptance processes in alignment with regulatory expectations.

What you need to succeed:

  • Typically 5+ years of relevant experience and a post-secondary degree in Computer Science or Information Systems, or an equivalent combination of education and experience.
  • 5+ years hands-on experience with static source code analysis (SAST) tools and dynamic application security (DAST) tools.
  • Strong knowledge of common coding languages (e.g. C#, Java, JavaScript, TypeScript, Python, etc.) and ability to read/write code with minimal oversight.
  • 5+ years scripting/automation experience (e.g., Python, Node.js, Bash) to integrate testing and repeatable checks into engineering workflows.
  • Working knowledge of OWASP Top 10, and the OWASP Testing Guide or other secure coding frameworks, e.g. NIST Cyber Security Framework (CSF).
  • Solid understanding of secure coding frameworks and secure code reviews, code scanning software and vulnerability code scanning processes, network protocols and connectivity, and a risk-based assessment approach.
  • Understanding of information security risk and regulatory requirements.

Salary:

$82,800.00 - $154,800.00

Pay Type:

Salaried

The above represents BMO Financial Group’s pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.

BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

About Us

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at https://jobs.bmo.com/ca/en.

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.