IT Security Analyst

Exciting IT Security Analyst Opportunity in Toronto! Join our Team and Showcase your Technical Expertise, Web Application Security Proficiency, and Strong Development Skills! If you are interested or know someone who would be a great fit, reach out to us today and refer friends/colleagues!

Type of Employment: Contract
Title: Security Analyst
Term: 8 months (with extension) – 37.5 hours/Week
Location: Toronto – Remote
Job ID number: C1222

Brief Description of Duties: 

The client’s Information Security & Control (IS&C)’s Vulnerability Management Services – Application Security is responsible to improve security practices and, through that, to find and preferably prevent security issues within applications.

The Application Security team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.

Candidate Value Proposition:
The successful candidate will have the opportunity to work within the client. We are technology partners who help the business transform how our employees around the world work. You will get to work with and learn from diverse industry leaders, who have hailed from top technology.

Typical Day in Role:
The incumbent is responsible for supporting the Senior Manager, Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including:
• Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
• Develop and/or enhance communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
• Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives.
• Recommend, design, assess, implement, deploy and maintain application security controls required to protect the client and its customers.
• Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner

Must Have Skills: 

• Technical experience as an IT Security Analyst with experience building security applications.
• Experience with multi-tier Web Applications, web services, and related vulnerabilities and potentials threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web
• Application Security Project) and CVE (Common Vulnerabilities and Exposures).
• Experience with Java application development and more than one of the following languages: Java/JavaScript (preferred), Swift, Kotlin, React, Angular, Ruby, Python C#.
• Experience performing source code reviews manually or using analysis tools is essential. Analysis tools such as Fortify SCA and BlackDuck are preferred.
• Experience with technologies and processes such as Agile Software Delivery, Continuous Integration and Continuous Delivery, DevOps, GitOps, Cloud Native Technologies including Docker Containers, Kubernetes, and Deployment Automation & Orchestration.

Nice to Have Skills: 

• Experience in an Agile development workshop and leveraging tools such as Confluence, JIRA, Bit Bucket, Gradle, Maven and Jenkins.
• Experience on reporting tools such as Cognos, JasperReport and Microsoft Power BI.

Soft Skills:

• Good communication skills and good support skills for triaging and analysis of issues for all development teams
• Must have the ability to generate reports and tailor his/her communication strategy for various levels of technical staff, executive management, and business clients.
• Strong decision making, forward thinking and creative problem-solving skills to anticipate and respond quickly to technological/market influences.
• Ability to work as part of a team, as well as work independently or with minimal direction.

Best vs. Average Candidate:

• Candidate who is an expert in the security world and can hit the ground running with a minimal learning curve.
• Candidate who has team lead experience and can communicate incidents and progress to the executive leadership.
• Experience with SAST (Static Application Security Tools).
• Experience with SCA (Software Composition Analysis) also known as Supply Chain Security or Open Source Security.

Education:

• University degree or college diploma and a minimum of four (4) years equivalent security industry-related experience required.
• CISSP and/or CISA designation beneficial but not required.
• CEH, OSCP, OSWE designation beneficial but not required.