Application Security Specialist - Jobs in Vancouver, BC

Job Description

Company DescriptionCentral 1 is the partner of choice for financial, digital banking and payment products and services – fueling the success of businesses across Canada. We leverage our scale, strength and expertise to power progress for more than 250 credit unions and other financial institutions, enhancing the financial well-being of more than five million customers from coast to coast. For more information, visit Central1.comBecause of COVID19, all Central1 offices are currently closed to non-essential employees. This role will see you working remotely until our offices are reopened. The timeline to reopen is still under consideration, as are our future remote working policies.Job DescriptionThe Application Security Specialist will have extensive experience in full stack Java development, be comfortable articulating the principles of secure coding to the Development and Technology teams within Central 1, and enjoy identifying and remediating application vulnerabilities for breakfast. The ideal candidate is expected to improve the security posture of Central 1’s application portfolio through not only the direct application of their skills in the areas of Threat modelling, Secure coding methodology and Application Vulnerability testing, but also in educating others to build our Information Security capabilities across the organisation.The ability to adapt to a varied audience and work well with others is a key component in this role, as project teams will rely on the resource’s experience and analytical skills to effective identify and prioritize threats and both suggest and coach the development of effective controls. In order to effectively report and assess security capabilities, the ideal candidate will be responsible for maintaining and growing the penetration and application vulnerability testing program at Central 1. They should be familiar with commercial off the shelf testing tools such as vulnerability scanners, intercepting proxies and be capable of writing exploits using a language of their choosing.Additional responsibilities may include involvement in the implementation of new security solutions, leading in the creation of security architecture documentation and/or maintenance of policies, standards, baselines, and guidelines.ResponsibilitiesStrategy & PlanningFacilitate Threat Modelling and Risk assessments at both a product and project levelParticipate in the planning and design of enterprise security architecture, under the direction of the Information Security Manager, where appropriate.Participate in the creation of enterprise security documents (architecture blueprints, policies, standards, baselines, guidelines and procedures) under the direction of the Information Security Manager, where appropriate.Provide oversight and contribute to the design and deployment of application solutions within Central 1 to ensure they are carried out following industry standard best practices.Acquisition & DeploymentMaintain up-to-date detailed knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.Develop secure testing strategies for new application deployments.Operational ManagementParticipate with investigations into problematic activity, triage vulnerable application components and validate fixes provided to mitigate existing vulnerabilities.Provide a leadership role in the design and execution of vulnerability assessments and penetration tests.Operational ManagementParticipate with investigations into problematic activity, triage vulnerable application components and validate fixes provided to mitigate existing vulnerabilities.Provide a leadership role in the design and execution of vulnerability assessments and penetration tests.QualificationsUniversity degree and 7 years Information Technology related work experience, ideally with 5 or more years spent working in a web application development function and 2 or more years working on application securityOne or more of the following certifications is preferred:(ISC)2 - CISSP, or CSSLPGIAC - GSEC, GCIH, GCIA, GCFE, GWAPT or GPENOSCP, OSWPKnowledge & ExperienceExperience with threat modelling techniques such as STRIDE.Experience with Java development including secure coding practices and building exploits to target weak code.Experience deploying and supporting complex web application environments.Experience with Web Application Security Testing.Experience developing applications in the financial services environment.Experience with two or more of the following scripting languages: Perl, Python, Ruby, Bash and PowerShell.Detailed understanding of OWASP Top 10 and SANS Top 25.Strong understanding of IP, TCP/IP, and other network administration protocols.Strong understanding of Windows, Linux, and Mac operating systems.Familiarity with incident management, issue tracking systems, and ISO 27001.Personal AttributesProven analytical and problem-solving abilities.Ability to effectively prioritize and execute tasks in a high-pressure environment.Good written, oral, and interpersonal communication skills.Ability to conduct research into information security issues and products as required.Ability to present ideas in business-friendly and user-friendly manner.Highly self-motivated and directed.Keen attention to detail.Team-oriented and skilled in working within a collaborative environment.Additional informationWork ConditionsOn-call availability as occasion requires.Some occasional travel may be required.Sitting for extended periods of time.Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, and other computer components.Additional InformationAs much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.Central 1 is committed to building a diverse and inclusive workforce by creating an environment where everyone feels like they belong and has the opportunity to be successful. We are welcoming of all applicants and we will provide an accessible candidate experience.Reporting to: Director, Information SecurityGrade: FDate Posted: August 5, 2021Internal Applicant due date: August 12, 2021External Applicant due date: August 30, 2021Location: Vancouver, British Columbia, Mississauga or TorontoQuick Apply

• Terms & Conditions
• New Privacy
• Privacy Center
• Accessibility

For Job Seekers

• Browse Jobs
• Advanced Job Search
• Emplois Quebec

For Employers

• Post a Job

Stay Connected