Test Software Developer - Toronto, ON, Canada - Tundra Technical Solutions Inc.

    Description

    Scotiabank's Information Security & Control (IS&C) Vulnerability Management Services – Application Security is responsible for improving security practices and, through that, for finding and preferably preventing security issues within applications.

    The Application Security team has global accountability and is highly supportive of the Bank's business, enabling execution of the Bank's strategies, operations and services, while ensuring that appropriate application security practices are adhered to.

    This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats.

    This candidate will be expected to conduct assessments and utilize the SAST tool to scan code before it progresses into production.

    This includes thorough analysis of findings and collaboration with the development team to address any identified issues before deployment.
    We are technology partners who help the business transform how our employees around the world work.

    The incumbent is responsible for supporting the Senior Manager, Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including:

    Build and support within the lower environments, and support the deployment of applications and users into production.
    Application production support.

    Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.

    Develop and/or enhance the communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.

    Recommend, design, assess, implement, deploy and maintain application security controls required to protect Scotiabank and its customers.

    Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.

    Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner.

    10+ years of experience with Java application development and more than one of the following languages: Java/JavaScript (preferred), Swift, Kotlin, React, Angular, Ruby, Python, C#.

    3+ years of experience building security applications.
    3+ years of experience with multi-tier Web Applications, web services, and related vulnerabilities and potential threats.

    Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).

    3+ years of experience performing source code reviews manually and experience with any Static Application Security Testing (SAST) tools.

    3+ years of experience and knowledge of technologies and processes such as Agile Software Delivery, Continuous Integration and Continuous Delivery, DevOps, GitOps, Cloud Native Technologies including Docker Containers, Kubernetes, and Deployment Automation & Orchestration.

    Experience in an Agile development workshop and leveraging tools such as Confluence, JIRA, Bitbucket, Gradle, Maven and Jenkins.

    Experience with reporting tools such as Cognos, JasperReports and Microsoft Power BI.

    Excellent written, presentation, and verbal communication skills to be able to work well with technical peers and business stakeholders at different levels within the organization.

    Strong decision making, forward thinking and creative problem-solving skills to anticipate and respond quickly to technological/market influences.
    Preferably, someone who has team lead experience and can communicate incidents and progress to the executive leadership.

    1st round video interview – Panel with Senior Manager and Technical Team (45 minutes)
    Team will discuss background and technical skills (development and application security experience)
    2nd round video interview – Senior Manager and Director (45 minutes)
    Assess team fit/soft skills and technical skills