Application Security Engineer


Vancouver, British Columbia, Canada

Full time


May 5

The average person spends 90,000 hours of their life working. With Microsoft Viva, our mission is to make that time more meaningful, more balanced and more engaging for the world’s 3 billion+ workers.  Microsoft is investing deeply in the employee experience space in order to address the fundamental shift in how people work today, how they build their careers, and how they find meaning in the workplace.  


Why join our team? 

The Yammer team was one of the first startup unicorns of the past decade and was acquired by Microsoft in 2012.  We retain the benefits of a startup – rapid innovation, cutting-edge technology, outsized individual impact – with the advantages of working for one of the most successful software companies in the world.  In this post-Covid world, employee experience is more important than ever – as employees have a deep need for connection and belonging.  We need your help to create new products that bring community, knowledge sharing and leadership engagement to tens of millions of users spread across the world.   

You will have:  

  • Autonomy and freedom to innovate 
  • Choice of the best of open source and Microsoft-internal technology  
  • The ability to experiment, A/B test, and make data-driven decisions 
  • Tons of opportunity for outsized impact as part of a small but mighty team on a rapidly-growing product needed now more than ever 


At the same time, you also have the benefits of working at a top-tier tech company like Microsoft:  

  • Compensation, benefits, and perks 
  • Internal resources, technology, and opportunities for learning and growth   
  • Brand and networking  
  • Opportunity for massive scale as part of a suite with hundreds of millions of users  


About this job

Our mission is to build trust with both external and internal customers, by building secure & compliant solutions.  As a Yammer Security team member, you will be setting privacy and security controls and design requirements during the feature design & development stage of the software lifecycle. You will also help ensure that privacy and security across all aspects of the software is uniform by setting up checkpoints and reviews.  


Our stack: 

  • Linux on Azure 
  • Java and Ruby micro services, deployed as docker containers 
  • GraphQL, DropWizard, Rails REST APIs 
  • Postgres/CosmosDB/Kafka/RabbitMQ/Redis storage and queuing 
  • Mesos container orchestration, HAProxy-based service mesh 
  • Wavefront metrics, Azure Data Explorer log aggregation, PagerDuty alerting 


  • Privacy and Security assessments of platform, data and clients, through code reviews, automation and security audits. 
  • Implementing privacy and security controls and checkpoints to detect and prevent issues early in the software development lifecycle. 
  • Work with engineering and product teams in the design phase of products and features, conducting threat modeling and performing security architecture and design reviews. 
  • Help engineering and product teams to understand compliance and privacy requirements. 
  • On-call support for security and privacy escalations. 



Required Qualifications  

  • 3+ years of experience in application security engineering. 
  • Outstanding collaboration and partnership skills, with proven ability to drive results across teams. 
  • Experience with application security standards such as OWASP ASVS/Top 10, CWE 25. 
  • Familiarity with common security libraries, security controls, and common security flaws.   
  • Bachelor’s degree in Computer Science, Engineering, or equivalent work experience. 


Preferred Qualifications

  • Understanding of privacy and compliance regulations such as GDPR, CPRA, SOC 2, ISO27k and others. 
  • Experience of privacy, compliance and security audits. 
  • Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler. 
  • Development or scripting experience. Java, Ruby, Ruby On Rails, GraphQL, REST preferred.   

Apply for this position Back to job

You must be logged in to to apply to this job.


Your application has been successfully submitted.

Please fix the errors below and resubmit.

Something went wrong. Please try again later or contact us.

Personal Information


View resume



We're on a mission to empower every person and every organization on the planet to achieve more.