Application Security Analyst, Information Security

We are hiring an Application Security Analyst, Information Security!

The Role:

We're seeking an Application Security Analyst well-versed in risk analysis, vulnerability assessment methodologies, and information security concepts. Your role involves supporting security risk assessments for both internally developed and third-party/open-source software, setting up security processes, and educating various application teams within the organization. You'll be integral in documenting and developing security controls while ensuring compliance with established frameworks.

Reporting To:

Application Security Manager

Full-Time/Part- Time:

Full-time

Posting Date:

March 5, 2024

Closing Date:

April 5, 2024

Hours of Work:

8:30 – 5:00

Grade:

Office Location:

Toronto, ON

Great location! Steps away from the main public transit station

What we offer:

Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

*Eligibility for benefits is dependent on the terms of employment

What you will do:

• Analyzing and documenting processes, policies, controls, and standards to comply with security frameworks and regulations.
• Understand technical and architectural issues from a security perspective and provide recommendations.
• Performing security reviews and provide insights throughout all phases of software development.
• Support the Application Security Manager in managing internal and external stakeholders related to Application Security.
• Managing and coordinating secure code reviews with stakeholders, encompassing Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).
• Conducting application vulnerability assessments for web, mobile, webservices and cloud applications
• Performing or overseeing manual/automated application Vulnerability Assessment & Penetration Testing, and subsequently managing technical documentation including VAPT/Application Security tracking and reporting
• Reviewing the configurations to Web Application Firewalls (WAF)
• Work closely with the application development delivery teams to integrate security controls within the development pipeline ensuring an efficient development process with early security control gates.
• Assisting the Security Leadership in collaborating with IT Groups to define, develop, communicate, and implement a comprehensive long-term application security roadmap. This involves creating threat models for web applications and supporting development teams across the agile Software Development Life Cycle (SDLC).
• Assisting in the evaluation, selection, onboarding, and management of AppSec vendors and Solutions

The Requirements Needed:

• Strong grasp of application design and architecture
• Proficiency in manual and automated penetration testing methods/tools (, Burp Suite, Fortify, Backtrack Kali, Metasploit Framework)
• Knowledge of programming languages (.Net, C#, JavaScript, etc.), cloud platforms (, Azure), and database technologies in the security domain
• Familiarity with WAF technologies, security frameworks (OWASP-TOP 10, SANs-TOP 25, CWE), and participation in Bug Bounties & Capture the Flag (CTF) would be beneficial.

Transferable Skills:

• Excellent verbal communication
• Excellent written skills for preparing reports and briefings.
• Excellent analytical reasoning
• Problem-solving approach

Education:

• Post-secondary education, University education and Technical Certifications required.

• Certifications and Skills:

• Preference will be given to candidates to have CISSP.
• Good to have Offensive Security Certified Professional (OSCP)

The team you will join:

Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through our mortgage broker channel and service commercial clients through our national origination team of empowered advisors.

At First National, It’s in our Nature is our rallying cry. It underlies our values, beliefs, and how we show up for each other, our clients, our partners and the community. Our nature defines who we are and guides every decision we make.

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation or any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at .

We would like to thank all applications for their interest, but only candidates selected for an interview will be contacted.

#FNLOON