Application Security Analyst - Jobs in Regina region

Job Description

Job Responsibilities and TasksThe Offeror shall propose resource(s) that meet the following Job Responsibilities and Tasks for the Application Security Analyst(s)quot;Duties will include, though are not necessarily limited to:Utilizing both automated and manual techniques to test security within applications.Performance of application vulnerability assessments and penetration testing.Responsible for web application and mobile application security testing.Responsible for security testing of web services and APIs.Performance of code reviews on code developed by AMS team, when required.Performance of false positive/negative analysis and providing recommendations to developers.Responsible for protecting all web applications using WAF.The Resource(s) will be expected to develop strong relationships with teams throughout GOS and, utilizing strong collaboration and communications skills, work to further secure all of GOS’s application assets.The resource will be required to participate in consultant performance evaluation as deemed appropriate by the Ministry. quot;Minimum Requirements:Candidate must be a Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker.Candidate must be able to work 100% onsite at a Government of Saskatchewan office in Regina, Saskatchewan, effective the contract start date.Local Knowledge GOS is interested in understanding the Resource’s experience with GOS, or comparable entities, as it relates to the technical and business landscape. Describe in detail.This requirement is heavily weighted.Candidate must demonstrate achievements in Application and Information Security outlining that working experience in the private and/or public sectors.Experience should clearly indicate success in identifying, measuring, and mitigating risks related to application development and implementation of websites and applications.This requirement is heavily weighted.Demonstrated working experience with web protocols such as HTTP, HTTPS, and SOAP.Demonstrated working experience with web technologies such as, though not limited to, HTML, JavaScript, XML, AJAX, JSON, and REST.Demonstrated working knowledge of cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard and security testing tools.Demonstrated working experience utilizing vulnerability scanning and analysis as part of a Risk Management Program.Demonstrated working experience in infrastructure risk identification, reporting, and mitigation.Demonstrated working experience in static and dynamic application security testing using automated tools and manual techniques.Demonstrated working knowledge of evaluating Secure SDLC and DevSecOps programs to establish how to embed security activities within.Demonstrated working knowledge of cloud security and cloud-based application architecture and different deployment models.Demonstrated working knowledge of network infrastructure, routing, DNS, and web filtering.Demonstrated working experience with application development/coding security practices.Demonstrate a strong familiarity and working experience with the ISO 27002:2013/2022, or equivalent, code of practice for information security controls.Demonstrated strong interpersonal skills with proven experience working and communicating effectively (both verbal and written) with all levels within an organization.Demonstrated achievement of an undergraduate degree in Computer Science or equivalent combination of experience and education is considered an asset. quot;Job Descriptionquot;CSRM is responsible for managing all things related to IT security including, though not necessarily limited to:Providing interpretation and enforcement of the information security policy and standards.Providing information security education and awareness.Responding to information security Incidents.Performing Threat Risk Assessments (TRAs) for IT-related business initiatives throughout Government.Providing security assessment and overall security requirements oversight for IT-related Solution and Services Procurements.Providing information security advice and guidance for business areas.Evaluating new threats and vulnerabilities. quot;