No longer accepting applications
Info Security Engineer (CISSP) - Threat & Vulnerability
Astra North Infoteck Inc.Toronto, ON, ca30+ days ago
Job descriptionConducts security risk assessments of applications with respect to design and implementation of system and application code Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs. Assist in the development of threat modeling governance documentation. Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps. Develops reports for management concerning residual risk and non-compliance. Monitor and track compliance with application owners to ensure implementation of security controls as planned. Review issued security controls with application owners to ensure identified requirements are implemented. Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
Experience (Years) : 4-6
Essential Skills :
Information Security II
- Experience with threat modeling frameworks, attack vectors and vulnerability analysis : CAPEC, ATT&CK, STRIDE.
- Experience with application security controls (Web, API, Mobile, AI).
- Experience with common information security management and application frameworks : NIST 800-53, CSF, OWASP ASVS.
- Experience with Application Security design and DevSecOps
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
- Full stack knowledge of application architectures including : Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
- CISSP, CISM, CSSLP, CISA, CRISC certification
Must-Have
Create a job alert for this search
Info Security Engineer (CISSP) - Threat & Vulnerability • Toronto, ON, ca