Application Security Analyst

Minimum Requirements :

• Resource must have a minimum of five (5) years Application Development and / or Web Application Security experience testing and mitigating risks related to web applications and websites development.
• Resource must have experience with web protocols including HTTP, HTTPS, and SOAP.
• Resource must have experience in static and dynamic application security testing using SAST / DAST tools and manual techniques.
• Resource must have experience with cybersecurity standards such as CIS Open Web Application Security Project (OWASP) Application Security Testing and NIST 800-95 Standards.
• Resource must have experience with secure communication, authentication and encryption protocols such as SAML, OAuth2, LDAP, TLS / SSL Standards.

Background :

Enterprise Security is responsible for all aspects of security within the organization including cyber, physical, and personnel security.

We operate with our partners in the SCADA and Automations teams to provide security to the Industrial Control Systems, along with our partners in Information Systems to secure the corporate IT infrastructure.

SaskEnergy Enterprise Security department continues to expand its scope of practice.

Job Description :

SaskEnergy is seeking one (1) Application Security Analyst with broad technical and security-based backgrounds to join the Enterprise Security Team.

Typical activities in this role include but are not limited to :

• Recommend and test security controls within applications using both automated and manual techniques.
• Perform web application vulnerability assessments and penetration testing.
• Perform Cloud security testing and configuration validation across major cloud platforms including Azure, Oracle Cloud Infrastructure, and AWS.
• Conduct security testing for mobile operating systems and applications.
• Perform security testing on web services and Application Programming Interfaces (APIs).
• Conduct code reviews and support secure code repositories.
• Test and validate configurations of web applications behind Web Application Firewalls (WAF).
• Promote visibility into applications with security tools such as SIEM.
• Perform Cyber Incident monitoring and security incident response.

The successful Application Security Analyst will have :

• 5+ years of Application Development and / or Web Application Security experience testing and mitigating risks related to web applications and websites development in private and / or public sectors.
• Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), CEH, GIAC GWEB, and / or Cloud certifications such as Azure Microsoft Certified Azure Developer Associate would be considered beneficial.
• Experience with web protocols including HTTP, HTTPS, and SOAP.
• Experience with cybersecurity standards such as CIS Open Web Application Security Project (OWASP) Application Security Testing and NIST 800-95 Standards.
• Experience in static and dynamic application security testing using SAST / DAST tools and manual techniques.
• Experience evaluating security controls in SDLC and DevSecOps programs.
• Experience with cloud security and cloud-deployment models.
• Experience with Authentication Protocols such as SAML.

NOTE : Above should be clearly detailed within submitted Resume.

The key knowledge areas and skill set required are as outlined in Appendix C Supplementary Specifications. North American job experience is considered an asset for this proposal.

Proponents are encouraged to provide specific and qualitative verbiage of other areas where their expertise can add value to our teams and make our projects as successful as possible.

We are looking for a well-rounded Application Security Analyst to fill this role.

The preference for start date is as soon as possible. The initial term for this role will conclude on March 31, 2025 , after which SaskEnergy will evaluate its ongoing requirements and potentially extend the term for this resource in accordance with the terms and conditions of the SaskEnergy Technology Master Service Agreement (TMSA).

SaskEnergy’s preference is for the resources to be able to work and be located full-time on site at SaskEnergy Head Office in Regina, SK (Monday to Friday 8 am to 5 pm).

CONTRACT DURATION :

The Contract will be effective for an initial term commencing on award date and ending on March 31, 2025. After which, SaskEnergy will evaluate its ongoing requirements and may have the option to renew the Contract for successive one (1) year terms, a maximum of four (4) times.

J-18808-Ljbffr