Senior Information Security Analyst
888 Birchmount Scarborough, ON M1L 4R1
Career opportunity for an Ethical Hacker. Our Financial services client has an amazing opening within its information security group.
• Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
• Develop and/or enhance communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
• Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives.
The Application Security team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.
Key Job Accountabilities
- Recommend, design, assess, implement, deploy and maintain application security controls required to protect the bank and its customers.
- Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
- Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
- Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner.
Skills, Experiences and Functional Competencies
- A strong understanding of multi-tier Web Applications, web services, and related vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
- Must have a comprehensive understanding of the HTTP protocol, System Development Lifecycle (SDLC), and Web Programming for multi-tier web applications and web services.
- Experience with one of the following: Java, .NET, Swift, Objective-C, React, AngularJS, or Node.js.
- Experience performing source code reviews manually or using analysis tools would be considered an asset. Examples: HP Fortify, IBM AppScan Source, SonarQube, BlackDuck, Sonatype, etc.
- Experience in an Agile development workshop and experience with integration tools such as Jenkins, JIRA would be an asset.
- Must have the ability to generate reports and tailor his/her communication strategy for various levels of technical staff, executive management, and business clients. Experience on reporting tools such as Cognos, JasperReport would be an asset.
- Good communication skills and good support skills for triaging and analysis of issues for all development teams.
Education and Other Requirements
- CEH, OSCP, OSWE, CISSP and/or CISA designation beneficial but not required.
- University degree or college diploma, or minimum of four (4) years equivalent industry-related experience required
ABOUT ProVision:
ProVision is a leading provider of professional talent to key organisations both private and public throughout Canada. Our services include: contract consulting, contingent permanent search, and retained executive search.
With over 15 years of concurrent exceptional relationships with clients in the financial, government, and software engineering verticals, ProVision has built up an exceptional network of industry leading professionals in the IT, Finance & Accounting, and Human Resources sectors.
We have a team of senior recruitment and account management professionals with a wide array of specialities who can help you with your search for a new assignment, career change, or that hard to find individual to complete your team.
Please get in contact with me, and I’ll connect you to the right individual. It’s what we do.