Senior Application Security Specialist

Infotek Consuting is searching for a Senior Application Security Consultant - this is a hybrid assignment based in Toronto

Looking for a Security Consultant (minimum 10 years of experience), with Application Security as the focus using any / all of the following tools : Veracode, Checkmarx, NowSecure, Fortify, Snyk, Burp Suite, Zap and working with any of the following domains SAST, MAST, SCA, DAST.

Knowledge of Owasp and Banking / Financial experience are also important

Project : The Security Architect will work closely with development and engineering, devOps, Security Product Management and other application owner teams across the organization to integrate security into the application development lifecycle right from requirements gathering to deployment to monitoring in production.

The role will drive the evolution of application security tooling and processes and define the corresponding strategy and roadmap for the Bank.

Candidate Value Proposition :

Typical Day in the Role :

• Collaborate with stakeholders across the Bank - technology, application security product, security advisory, fraud, compliance and business channel teams - to drive the product features and roadmap in application security domains like SAST, MAST, SCA, DAST etc across the Bank.
• Policies for SCA Security Policies, Licensing Policies and Operational Policies
• Mobile App Publishing coordinate with stakeholders to define the minimum-security requirements for publishing a Mobile app to the App Store (Google Play store, Apple etc)
• Continuously evolve app sec product features based on industry best practices and emerging security threats
• Govern and define DevOps pipeline and developer tooling use cases to integrate with enterprise app sec products
• Will work closely with multiple cross enterprise teams to gather requirements and the adoption of new security products.
• Implementation and operations governance based on the defined enterprise standard solution architecture and design patterns
• Co-ordinate efforts from business and technology teams.
• Communicate regularly with various business channels on the progress made for various projects in the pipeline

Must Have Skills / Requirements :

• 10+ years’ experience in IT Security with focus on application security and / or devops
• 3+ years product management or similar experience with AppSec domains like SAST, MAST, SCA, DAST and / or tools like Veracode, Checkmarx, NowSecure, Fortify, Snyk, Burp Suite, Zap etc
• 3+ years’ experience with documenting process, requirements and product information
• General knowledge of threat modeling, vulnerability management and risk assessment
• General knowledge of OWASP Top 10, Mitre, CVE / CVSS
• 3+ years’ experience in the financial industry

Nice to have Skills :

• Experience with deployment and managing IaaS, PaaS & SaaS solutions
• Experience with infrastructure as code (IaC)
• Experience with API Security
• 3+ years’ experience with popular CI / CD tools like Jenkins, Azure DevOps, GitLab CI / CD, CircleCI
• 3+ years’ experience with CI / CD Pipeline tools and processes like BitBucket / GitHub, Jfrog Artifactory, Ansible, Confluence, Jira, Bamboo etc
• Experience building business cases demonstrative value of a product and cost-benefit analysis

Security certifications like CISSP