Application Security Analyst

Application Security Analyst

Contract Duration years

Job Overview :

• Our client is looking for one () or more Application Security Analyst(s) to join and contribute to the many cyber security initiatives within the Cyber Security Maturity Program and as otherwise directed by the Branch.
• CSRM is responsible for managing all things related to IT security including, though not necessarily limited to :
• Providing interpretation and enforcement of the information security policy and standards;
• Providing information security education and awareness;
• Responding to information security Incidents;
• Performing Threat Risk Assessments (TRAs) for IT-related business initiatives throughout Government;
• Providing security assessment and overall security requirements oversight for IT-related
• Solution and Services Procurements;
• Providing information security advice and guidance for business areas;
• Evaluating new threats and vulnerabilities.

Job Responsibilities :

The Cyber Security and Risk Management Branch intends to hire one () or more qualified Application Security Analyst(s) whose duties will include, though are not necessarily limited to :

• Utilizing both automated and manual techniques to test security within applications.
• Performance of application vulnerability assessments and penetration testing.
• Responsible for web application and mobile application security testing.
• Responsible for security testing of web services and APIs.
• Performance of code reviews on code developed by the AMS team, when required.
• Performance of false positive / negative analysis and providing recommendations to developers.
• Responsible for protecting all web applications using WAF.
• The Resource(s) will be expected to develop strong relationships with teams throughout GOS and, utilizing strong collaboration and communications skills, work to further secure all of GOS's application assets.
• The resource will be required to participate in consultant performance evaluation as deemed appropriate by the Ministry.
• Familiarity with GOS or comparable entity, technical, and business landscape will be evaluated.

Must Haves :

• Candidate must be a Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker.
• Candidate must be able to work % onsite at a Government of Saskatchewan office in Regina, Saskatchewan, effective the contract start date.

Scored Requirements :

• GOS is interested in understanding the Resource's experience with GOS, or comparable entities, as it relates to the technical and business landscape. Describe in detail.
• Candidate must demonstrate achievements in Application and Information Security outlining that working experience in the private and / or public sectors.
• Demonstrated working experience with web technologies such as, though not limited to, HTML, JavaScript, XML, AJAX, JSON, and REST.
• Demonstrated working knowledge of cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard and security testing tools.
• Demonstrated working experience utilizing vulnerability scanning and analysis as part of a Risk Management Program.
• Demonstrated working experience in infrastructure risk identification, reporting, and mitigation.
• Demonstrated working experience in static and dynamic application security testing using automated tools and manual techniques
• Demonstrated working knowledge of evaluating Secure SDLC and DevSecOps programs to establish how to embed security activities within.
• Demonstrated working knowledge of cloud security and cloud-based application architecture and different deployment models.
• Demonstrated working knowledge of network infrastructure, routing, DNS, and web filtering.
• Demonstrated working experience with application development / coding security practices.
• Demonstrate a strong familiarity and working experience with the ISO : / , or equivalent, code of practice for information security controls.
• Demonstrated strong interpersonal skills with proven experience working and communicating effectively (both verbal and written) with all levels within an organization.

Note :

Onsite : Due to security restrictions work is to be performed % onsite at the Regina offices.

About the Company :

Our client provides central coordination and delivery of property management, information technology, procurement, project management, transportation, and other services to government ministries and agencies.

gttca

LI-Onsite