Search jobs > Toronto, ON > Application engineer

Senior Application Security Testing Engineer

BMO
Toronto, ON, CAN
$81.6K-$151.2K a year
Full-time
Part-time

Application Deadline :

11 / 29 / 2024

Address : 100 King Street West

100 King Street West

Job Family Group : Technology

Technology

About the role :

The Application Security Testing Engineer reports to the Lead of DevSecOps and assists with the security testing activities for BMO based applications.

The role will be responsible for the execution and coordination of Static and Dynamic Application Security Testing (SAST / DAST), provides information security consulting services (SAST / DAST Scanning) for BMO overall and businesses / groups.

Liaises with developers and other stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs.

Participates in the execution of information security strategy.

What will you do :

Subject Matter Expertise - Provides technical leadership to business areas as a Security Testing subject matter expert.

Assists with efforts on the execution of security testing operations to include pre-engagement (scoping), engagement (testing) and post-engagement activities (reporting).

Secure Testing - Assists in delivery of security testing projects according to a structured process, to include writing test reports.

This may include oversight and / or execution of the configuration and deployment of security testing software and application of results to security analysis.

Information Security Risk Management - Works with leadership to mature security testing team capabilities including reporting and remediation guidance in alignment with local and global regulatory requirements.

Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses.

Assists with the execution of planning, testing, tracking, and advises on necessary risk acceptance for identified security risks.

Secure Application Development - Assists with the execution of highly technical / analytical security assessments of custom web applications, mid-tier application services, API security testing, backend applications and databases, including manual, custom and industry known attack methods using a risk-based intelligence-led methodology.

Identifies potential misuse scenarios. Advises on secure development practices.

What you need to succeed :

  • Typically between 5 - 7 years of relevant experience and a post-secondary degree in Computer Science or Information Systems or a related field of study or an equivalent combination of education and experience.
  • Knowledge of coding languages (e.g. C#, JAVA, JavaScript, TypeScript, Python etc.) and can code with little oversight
  • Knowledge of different rapid development processes, e.g. Waterfall, Agile, etc.
  • Knowledge of coding vulnerabilities, frameworks, patching processes, Information Security risk and industry best practices, defense concepts, risk-based assessment approach
  • Knowledge of OWASP Top 10, and the OWASP Testing Guide or other secure coding frameworks, NIST Cyber Security Framework (CSF)
  • Understands the principles of secure coding techniques and secure code reviews, code scanning software and vulnerability code scanning processes, network protocols and connectivity.
  • CISSP, CISSLP, GIAC, OSCP, OSWE, GWAPT, GMOB, GPEN, GXPN, GAWN, etc. Certification is an asset
  • Understands the principles of secure coding techniques and secure code reviews
  • Familiar with code scanning software and vulnerability code scanning processes.
  • Familiar with network protocols and networking infrastructure.
  • Familiar with defense concepts.
  • Understanding of a risk-based assessment approach
  • Familiar with CI / CD Integration of AppSec Testing Tools (SAST, SCA, IAST, etc).
  • Familiar with API security

Salary :

$81,600.00 - $151,200.00

Pay Type : Salaried

Salaried

The above represents BMO Financial Group’s pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure.

Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.

BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards.

BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit :

We’re here to help

At BMO we are driven by a shared Purpose : Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people.

By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one for yourself and our customers.

We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs.

From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at .

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives.

Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters : BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property.

BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.

3 days ago
Related jobs
BMO
Toronto, Ontario

The Application Security Testing Engineer reports to the Lead of DevSecOps and assists with the security testing activities for BMO based applications. Assists with the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, API securi...

Magnet Forensics
Ontario

The Security Engineer will be part of the engineering organization and responsible for implementing, managing, and enhancing security measures across our applications, products, and services to protect against potential cyber threats and attacks. Application Security: Design, implement, and maintain...

Deloitte
Toronto, Ontario

Senior Consultants play a significant role throughout project lifecycles where they lead and deliver application security for Oracle Cloud ERP, HCM, SCM and business process controls assessments, and implementations with minimal oversight. Our Application Security specialists design and configure ro...

Maarut Inc
Toronto, Ontario

Experience in vulnerability assessment/penetration testing of web applications by identifying, analyzing and exploiting common vulnerabilities contained in web applications by using manual techniques and automated tools appropriate for enterprise use. Conducts penetration tests, web application vuln...

Scotiabank
Toronto, Ontario

Application infrastructure and architectures; testing and code management. Responsible for the successful implementation and maintenance of complete technology solution for projects supporting Physical and Cloud based platforms and applications with network integration needs across multiple environm...

Deloitte
Toronto, Ontario

Senior Consultants play a significant role throughout project lifecycles where they lead and deliver application security for Oracle Cloud ERP, HCM, SCM and business process controls assessments, and implementations with minimal oversight. Our Application Security specialists design and configure ro...

S.i. Systems
Toronto, Ontario

Project: This role is required to support delivery of multiple initiatives planned under Application and Cloud Security portfolio for FY25. Candidate Value Proposition: Opportunity to join a dynamic team which is running a transformation program as part of cloud acceleration under Application and Cl...

Ansys
Toronto, Ontario

Join the Ansys Customer Excellence team to partner with our customers to engineer what's ahead, solve their real-world engineering problems, deploy Ansys software in their design workflows, and grow Ansys’ business. As a hands-on subject matter expert, you will use expert-level engineering knowledge...

Deloitte
Toronto, Ontario

Senior Consultants play a significant role throughout project lifecycles where they lead and deliver application security for Oracle Cloud ERP, HCM, SCM and business process controls assessments, and implementations with minimal oversight. Our Application Security specialists design and configure ro...

Affirm, Inc.
Canada
Remote

The Senior Product Security Engineer candidate will have experience building and architecting software as part of a larger team. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!. The ideal candidate will work effective...