Job Description

Location Address: 888 Birchmount Road (hybrid 2-3 days a week in office)
Contract Duration: currently until end of fiscal
Schedule Hours: 9am-5pm (37.5 hours)Candidate Value Proposition:
Typical Day in the Role:

• Collaborate with stakeholders across the Bank - technology, application security product, security advisory, fraud, compliance and business channel teams - to drive the product features and roadmap in application security domains like SAST, MAST, SCA, DAST etc across the Bank.
• Policies for SCA - Security Policies, Licensing Policies and Operational Policies
• Mobile App Publishing - coordinate with stakeholders to define the minimum-security requirements for publishing a Mobile app to the App Store (Google Play store, Apple etc)
• Continuously evolve app sec product features based on industry best practices and emerging security threats
• Govern and define DevOps pipeline and developer tooling use cases to integrate with enterprise app sec products
• Will work closely with multiple cross enterprise teams to gather requirements and the adoption of new security products.
• Implementation and operations governance based on the defined enterprise standard solution architecture and design patterns
• Co-ordinate efforts from business and technology teams.
• Communicate regularly with various business channels on the progress made for various projects in the pipeline

• 10+ years experience in IT Security with focus on application security and/or devops
• 3+ years product management or similar experience with AppSec domains like SAST, MAST, SCA, DAST and/or tools like Veracode, Checkmarx, NowSecure, Fortify, Snyk, Burp Suite, Zap etc
• 3+ years experience with documenting process, requirements and product information
• General knowledge of threat modeling, vulnerability management and risk assessment
• General knowledge of OWASP Top 10, Mitre, CVE/CVSS
• 3+ years experience in the financial industry

• Experience with deployment and managing IaaS, PaaS & SaaS solutions
• Experience with infrastructure as code (IaC)
• Experience with API Security
• 3+ years experience with popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleC
• 3+ years experience with CI/CD Pipeline tools and processes like BitBucket/GitHub, Jfrog Artifactory, Ansible, Confluence, Jira, Bamboo etc
• Experience building business cases demonstrative value of a product and cost-benefit analysis
• Security certifications like CISSP

LanceSoft