- A minimum of 5 years' experience leading application security functions in a fast-paced, multi-project and multi-customer IT environment.
- Bachelor's degree in Computer Science, IT, Information Security or in a related field.
- Minimum 5+ years of experience in the field of security in the following areas: security engineering, incident response, system, application and network security, vulnerability management, threat modelling, penetration testing, intrusion detection, firewalls and encryption technologies.
- Minimum 5+ years of experience in the information security field with exposure to audit, risk management, data privacy, and regulatory and compliance practices.
- Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
- Software development experience in one of the following core languages: Ruby on Rails, SQL, HTML, Java, Javascript and .NET
- Experience with modern Web Application Frameworks e.g. J2EE/Rails/.Net, Spring Boot, Web Services (SOAP/WSDL or REST/WADL), WCF, Service Oriented Architectures) and of network/web related protocols.
- Preferred certifications: CISSP, CISM, SANS GIAC.
- Knowledge and experience of cloud infrastructure security; Azure, AWS, Google Cloud.
- Knowledge and experience working with various security frameworks (e.g., ISO/IEC 2700x, NIST CSF, COBIT, OWASP) and audit frameworks (SOC 2).
- Knowledge of Security Information and Event Management (SIEM) tools, network and operating system security features (e.g., Windows, Linux, Ubuntu) and network security technologies (e.g. firewalls, filtering routers, authentication mechanisms, IPSEC VPN, server hardening).
- Knowledge and experience with microservices and containerization technologies (e.g. Docker, Kubernetes, Rancher).
- Scripting languages such as Python, Ruby, Perl, Bash and/or PowerShell.
- Have hands-on experience with tools and technologies used throughout secure SDLC (e.g., Veracode, Blackduck) and in Agile development preferred.
- Hands on experience with managing security awareness and training such as online training modules, lunch and learns, periodic security communication, and simulated phishing campaigns.
- Knowledge of security flaws and its resolution as listed in sites like OWASP, SANS, etc.
- Knowledge of authentication mechanisms like SAML, OAuth, etc.
- Experience in secure application programming, performing code reviews, and penetration testing, web-based security testing of mobile applications preferred
- Familiarity with attack vectors and its customer impact.
- Ability to work in both a collaborative team environment as well as independently when required.
- Security knowledge on current threats, trends and mitigations.
- Strong time management and prioritization skills and ability to multi-task across various projects in a high-paced work environment to meet deadlines and manage stakeholder expectations.
- Knowledge of software design, network architecture, protocols, and standards preferred.
- Interest in all aspects of security research and development.
- Implement, test and operate advanced software security techniques in compliance with technical reference architecture
- Identify, highlight and provide application / API security requirements and recommendations to the engineering and product teams during architecture and design review phase
- Perform on-going security testing and code review to improve software security
- Provide engineering designs for new software solutions to help mitigate security vulnerabilities
- Consult team members on secure coding practices
- Conduct in-house penetration testing and code review of Prosper applications
- Provide consultancy to the product development, engineering & operations teams on technical security issues and remediation
- Take ownership of application vulnerability management process
- Categorize the vulnerabilities as per the defined process.
- Ensure that SAST and DAST vulnerability scans run at scheduled time.
- Implements and configures IDS and related enterprise security systems to help the organization better identify intrusions, attacks, vulnerabilities and recommends appropriate course of action.
- Maintains an expert-level knowledge of the daily security landscape and serves as a security advisor to Absolute as a whole.
- Responsible for independent and team-based security audits of all security policies, procedures, and protocols with an emphasis on consistent improvement of controls.
- Maintains, establishes, and improves vulnerability management, risk assessment, and incident management processes.
- Interacts with IT, Hosting Operations, Product Development teams to identify areas of risk and solutions for improvement including development, infrastructure, and systems management.
- Serves as an escalation point for all security incidents reported by users and/or security tools and drives resolution efforts.
- Lead in the identification of potential vulnerabilities within systems, networks, DBs, applications and recommend suitable controls and countermeasures to mitigate such vulnerabilities.
- Regularly tests and audits systems within the corporate IT and production environment for vulnerabilities and misconfigurations.
- Advises IT, Hosting Operations and Application / Product Development teams on secure configuration, installation, maintenance, and upgrades of infrastructure and applications as well as evaluation of new products as it relates to security.
- Creates, provides, and improves upon documentation and training to internal departments to facilitate secure day-to-day operations.
- Plays key role in establishing and maintaining compliance programs as needed (e.g., SOC 2, GDPR, FedRAMP).
- Architects, designs, implements, maintains and operates information system security controls and countermeasures.
- Conducts internal penetration testing assessments (e.g., network, web applications, wireless networks).
- Perform as the Enterprise Security Technical Lead in order to properly analyze, contain, eradicate, and recover a security incident(s).
- Ensure fixes are applied as per the vulnerability policy.
- Track open issues and follow up with different teams to address them.
- Maintains current expert knowledge in the field by reviewing relevant materials and journals and maintaining appropriate professional and external contacts.
- Undertakes special projects or assignments as required.
- Performs other related duties as required.
- 6 Months – Extendable by 1 to 2 Years and more based on performance
-
Cloud Engineer
Found in: Talent CA C2 - 5 days ago
VertiGIS Victoria, CanadaMake Connections – Build Solutions · Die VertiGIS Unternehmensgruppe entwickelt Softwarelösungen im Bereich der Geografischen Informationssysteme (GIS). Unsere Leidenschaft liegt in der Entwicklung innovativer Softwarelösungen und Dienstleistungen, die unsere Kunden dabei unters ...
-
Systems Administrator
Found in: Appcast CA C2 A - 2 days ago
MYRA Systems Victoria, CanadaSystems Administrator - VMware/Virtualization Specialist · All submissions must include both a cover letter and resume. Only those candidates selected for an interview will be contacted. Submissions for consideration are to ONLY be sent to the email listed ) and indicate Systems ...
-
Reliability Software Engineer
Found in: Jooble CA O C2 - 23 hours ago
Plexxis Software Victoria, BC, CanadaPosition Title: Software Delivery & Reliability Engineer · Reports to: West Coast Development Leader · Job Type: Full time, permanent · All successful candidates are required to reside within commuting distance of our Langford/Victoria office location. As a Software Delivery & ...
-
Application Security Architect
Found in: Talent CA C2 - 4 days ago
Integro Softwares Inc Victoria, CanadaPOSITION ROLE · Contract · POSITION DESCRIPTION · We are seeking an experienced Application Security Architect, who interfaces with technical and non-technicalteams to identity product security risks and develop solutions to eliminate or minimize them. The candidateshould have ...
-
System Simulation Engineer
Found in: Talent CA C2 - 4 days ago
Intel Victoria, CanadaJob Description · Intel Foundry Services (IFS) is an independent foundry business that is established to meet our customers' unique product needs. With the first Open System Foundry model in the world, our combined offerings of wafer fabrication, advanced process, and packaging ...
-
Risk and Security Officer
Found in: Talent CA C2 - 3 days ago
Worldline Victoria, Canada PermanentRisk and Security Officer - 2nd Line of Defense · Location: Victoria, BC (hybrid) · Salary Range: $85K CAD to $105K CAD · At Worldline, our technology addresses persistent challenges of the payment world. We craft and operate leading digital payment and transactional solutions t ...
-
Senior Database Administrator
Found in: Talent CA C2 - 3 days ago
Worldline Victoria, Canada PermanentSenior Database Administrator · Location: Victoria, BC. Canada (hybrid) · Total Earnings Pay Range: $124,000 - $140,000 · Global Grade: 12 · This is Worldline · We are the innovators at the heart of the payments technology industry, shaping how the world pays and gets paid. The s ...
-
Systems Administrator
Found in: Jooble CA O L C2 - 2 days ago
MYRA Systems Victoria, BC, CanadaSystems Administrator - VMware/Virtualization SpecialistAll submissions must include both a cover letter and resume. Only those candidates selected for an interview will be contacted. Submissions for consideration are to ONLY be sent to the email listed ) and indicate Systems Adm ...
-
Building Operator
Found in: Talent CA C2 - 5 days ago
Angus Consulting Management Limited Victoria, Canada Full timeACML's Maintenance team is growing Are you looking for a challenging and rewarding career with Canada's leading provider of customized operations and solutions? If you are a devoted and career-minded professional looking to contribute to a hard-working, dedicated team, we want to ...
-
Senior Microsoft Dynamics Solution
Found in: Talent CA C2 - 5 days ago
CGI Victoria, Canada Full timePosition Description: · CGI is seeking an experienced MS Dynamics Solution Architect to join their team in Victoria. The ideal candidate will be experienced in both a project and support capacity, able to work face to face with clients, mentor more junior resources and drive arc ...
-
Project Technologist
Found in: Talent CA C2 - 1 day ago
Pinchin Victoria, CanadaProject Technologist · Environmental Due Diligence & Remediation · Victoria, BC · Today is the day to boost your career Pinchin is seeking a Technologist to join our Environmental Due Diligence & Remediation team in our Victoria Office. · The ideal candidate will have 2-3 years o ...
-
Director, Development
Found in: Talent CA C2 - 4 days ago
Starlight Group Property Holdings Inc. Victoria, CanadaLocation · Victoria, BC Overview · Based in Victoria, reporting to and working closely with the Vice President Development , the Director will be accountable for helping lead and mentor a team of experienced development professionals to deliver on a substantial portfolio of re ...
-
landscape worker
Found in: Talent CA 2 C2 - 3 days ago
Habitat Habanero Yard and Garden Care Victoria, CanadaDurée de l'emploi: Temporaire · Langue de travail: Anglais · Heures de travail: 38 to 40 hours per week · Education: · Expérience: · Education · Secondary (high) school graduation certificate · Work site environment · Outdoors · Work setting · Landscape maintenance · On-site cu ...
-
landscape worker
Found in: Talent CA 2 C2 - 3 days ago
Habitat Habanero Yard and Garden Care Victoria, CanadaWork Term: Temporary · Work Language: English · Hours: 38 to 40 hours per week · Education: Secondary (high) school graduation certificate · Experience: 3 years to less than 5 years · Work site environment · Outdoors · Work setting · Landscape maintenance · On-site customer servi ...
-
Manager of Operations
Found in: Talent CA C2 - 3 days ago
Island Community Mental Health Victoria, Canada Full timeIsland Community Mental Health: · Operating since 1956, Island Community Mental Health (ICMH) is a leading non-profit organization committed to delivering the best practices in evidence based programming and service provision within the mental Health and substance use sector. · I ...
-
Temporary Utility Operator
Found in: Talent CA C2 - 3 days ago
Corix Victoria, Canada Full timeReports to · Operations Manager/Operations Supervisor/Supervisor, Utility Services · Location · Victoria, BC · Compensation · $60,000 - $65,000 yearly salary · Who we are · Water is the common thread that connects us all. We deliver vital, safe and reliable services which en ...
-
Project Manager
Found in: Talent CA C2 - 4 days ago
Pinchin Victoria, CanadaProject Manager – Hazardous Materials · Environmental Health and Safety Consulting · Victoria, BC · Today is the day to boost your career Pinchin is seeking a Project Manager to join our Consulting Team in Victoria. · Our Victoria office is currently looking for a motivated profe ...
-
Junior Quality Assurance Analyst
Found in: Talent CA C2 - 2 days ago
VertiGIS Victoria, Canada Full timeThe Position · Over 1,500 organizations around the world rely on VertiGIS to design, develop and maintain both web and mobile based mapping applications. We believe geographic information over the web and on mobile devices can empower people to make better decisions about their ...
-
Web Integrator
Found in: beBee S2 CA - 1 week ago
YiFang Taiwan Fruit Tea Victoria, CanadaDevelop, modify, and update company website and web application interfaces Maintain and improve code to provide efficient and effective user experience Update and maintain cyber security for company and client users Examine relevant data, such as user feedback and performance met ...
-
Marine Systems Engineer
Found in: beBee S2 CA - 2 weeks ago
Babcock Victoria, Canada Full timeMarine Systems Engineer - Mechanical (Permanent) Victoria, BC (Band 5.1) Expected Salary: $75,696 to $109,339 Underpinned by a deep understanding of technology integration, asset management, and specialist training, Babcock International works with customers around the world to ...
Sr. Application Security Engineer - Victoria, Canada - Integro Softwares Inc
Description
POSITION ROLE
Contract
POSITION DESCRIPTION
We are seeking an experienced Sr. Application Security Engineer who interfaces with technical and non-technical teams to identity product security risks and develop solutions to eliminate or minimize them. The candidate should have a deep understanding of application security vulnerabilities and mitigation strategies. He or she will drive the creation and maintenance of applications / products security standards, guidelines and procedures along with conducting application penetration testing, performing architecture/design and code reviews, and vulnerability assessments. Analyze software designs and implementations from a security perspective, and identify and resolve security issues. You will include the appropriate security analysis, defences and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.
The position is based in Victoria (Client Location).
QUALIFICATIONS
PRIMARY RESPONSIBILITIES
Duration
COMPETENCIES
Customer Orientation
Effective performers stay close to customers and consumers. They view the organization through the eyes of the customer/consumer and go out of their way to anticipate and meet customer/ consumer needs.
Team Management
Effective performers create and maintain functional work units. They understand the human dynamics of team formation and maintenance. They formulate team roles and actively recruit and select to build effective work groups.
High Standards
Effective performers possess a high inner work standard and shows pride in their work. They consistently strive to ensure work is complete within deadlines and that all work performed is of a high quality.
Organization & Planning
Effective performers have strong organizing and planning skills that allow them to be highly productive and efficient. They manage their time wisely and effectively prioritize multiple competing tasks. They follow through on tasks to ensure changes in technology are communicated effectively.
Results Orientation
Effective performers maintain appropriate focus on outcomes and accomplishments. They are motivated by achievement, and persist until the goal is reached. They convey a sense of urgency to make things happen. They respect the need to balance short- and long-term goals. They are driven by a need for closure.
Communicativeness
Effective performers recognize the value of continuous information exchange and the competitive advantage it brings. They actively seek information from a variety of sources and disseminate it in a variety of ways. They take responsibility for ensuring that their people have the current and accurate information needed for success.
Change Mastery
Effective performers are adaptable. They embrace needed change and modify their behaviour when appropriate to achieve organizational objectives. They are effective in the face of ambiguity. They understand and use change management techniques to help ensure smooth transitions.
Business Thinking
Effective performers see the organization as a series of integrated and interlocking business processes. They understand how their work connects with and affects other areas of the organization.
Relationship Building
Effective performers establish and proactively maintain a broad network of relationships (e.g. colleagues, co-workers, vendors, suppliers, etc.). They value these relationships and work effectively across the organization by maintaining positive working relationships with peers and others.