AppSec Jobs
← Back to all jobs

EXFO

Application Security Specialist.

Greater Montreal Metropolitan AreaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About EXFO

EXFO Inc. is a Quebec City-based company founded in 1985 that specializes in developing test, monitoring, and analytics solutions for the global communications industry. The company serves a diverse range of clients, including fixed and mobile network operators, web-scale companies, hyperscalers, and manufacturers of optical components and network equipment. With nearly 40 years of innovation, EXFO has established itself as a leader in the field, maintaining a global presence with 13 production and engineering sites worldwide. EXFO offers a comprehensive portfolio of products, including field network testing tools, lab and manufacturing testing equipment, and service assurance solutions. Their mobile portfolio features network simulators and optical RF test solutions for various mobile networks, from 2G to 5G. The company also provides collaborative cloud-based monitoring and automation through EXFO Exchange. With over 2,000 customers in more than 100 countries, EXFO collaborates with major operators like AT&T and China Mobile to enhance network performance and reliability.

Industry

telecommunications

Employees

1,900

325 engineers

Revenue

$266M

Website

Visit →

Security at EXFO

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • EXFO's Application Security mission is to 'evolve, drive, and execute the strategy to ensure application security.' Their philosophy emphasizes a 'shift-left' approach by providing security expertise during product design phases.
  • They maintain a risk-based mindset, performing assessments at both system and application levels.
  • A core priority is developer enablement through the delivery of detailed reports that include evidence, risk analysis, and remediation guidance to help product teams resolve vulnerabilities.

Security Team

EXFO's Application Security team includes roles such as 'Application Security Specialist' and works closely with IT security specialists. Key public-facing personnel with security oversight or credentials include Amit Dave (Senior Manager, IT leading infrastructure operations in APAC) and Francois Bertrand (Associate CISSP). The team is currently hiring, with at least one active posting for an Application Security Specialist as of April 2026. While specific team size is not publicly available, job requirements emphasize 8+ years of experience and bilingualism (French/English).

Key Initiatives

EXFO utilizes a Secure Software Development Lifecycle (SSDLC) and DevSecOps practices, with documentation stating that their secure development process is 'fully gated.' Active workflows include performing risk assessments and meeting with product teams to discuss vulnerability remediation. While they emphasize 'shifting left' by involving security in the design phase, there is no public evidence of a formal 'Security Champions' program. Specific metrics such as SLAs, MTTR, or recent tool rollouts from the last six months are not publicly available.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.