Application Security Specialist

Montreal, QC, Canada

Job Description



The future of work is flexible, and so is OneSpan. Our teams have proven that they are able to achieve their goals together while being apart throughout the global pandemic, and we are embracing work flexibility. Many positions and locations will provide you with the choice of in-office work, distributed or hybrid. We collaborate with each employee to develop their preferred work environment. This position is open to candidates who have their residence in Montréal.

At OneSpan, we infuse trust into everything we do. That's why enterprises that care about securing the customer journey partner with us. Security is core to OneSpan's DNA.

We are looking for an Application Security Specialist near our office in Montreal to support us in building best in class security solutions for our customers. You will join OneSpan's Security Competence Center, a team in the OneSpan R&D organization which is responsible for the security aspects of OneSpan's products and services.

Responsibilities:

  • Interpret the results of security scans (SAST, SCA, DAST, penetration tests, bug bounty programs) and give relevant and risk-based suggestions for solving security issues and track the resolution activities.
  • Manage external penetration testing and bug bounty activities.
  • Improve automated security testing of developed code together with the development teams through various methods and tools.
  • Be the go-to person for application security related questions from R&D security champions.
  • Follow up on secure product development practices and trends and provide suggestions to further improve our secure development processes.
  • Perform hands-on security testing on our solutions.

Requirements:
  • 4+ years of hands-on technical experience with software security.
  • Experience with software security scanning tools (such as SAST, SCA, DAST).
  • Good understanding of web applications, frameworks and protocols with respect to application development, building and deployment, build pipelines and automation (Gitlab, Jenkins).
  • Familiar with the foundations of secure development and application security (AppSec/DevSecOps) concepts and practices.
  • Penetration testing (infrastructure, web application) or bug bounty experience is beneficial.
  • Experience with Veracode is a big plus.



Competences:
  • Fast learner that is not afraid to continuously learn new skills and adapt to a fast changing environment.
  • Take initiative and like to get things done.
  • Ability to work independently and proactively within a team-oriented environment.
  • Good interaction skills to understand and explain reported security issues to various audiences.

FRENCH

At OneSpan, we infuse trust into everything we do. That is why companies that care about securing their customers' journey partner with us. Security is at the core of OneSpan's DNA. We are looking for an application security specialist at our Montréal office to help us develop best-in-class security solutions for our customers. You will join OneSpan's Security Competence Center, a team in the OneSpan R&D organization that is responsible for the security aspects of OneSpan's products and services.

Responsibilities:
  • Interpret the results of security scans (SAST, SCA, DAST, penetration tests, bug bounty programs) and make relevant, risk-based suggestions for resolving security issues and tracking the resolution activities.
  • Manage external penetration tests and bug bounty activities.
  • Improve automated security testing of developed code in collaboration with the development teams, using various methods and tools.
  • Be the contact person for application security questions raised by the R&D security champions.
  • Follow practices and trends in secure product development and make suggestions to improve our secure development processes even further.
  • Carry out hands-on security testing on our solutions.

Requirements:
  • 4+ years of hands-on technical experience in software security.
  • Experience with software security scanning tools (such as SAST, SCA, DAST).
  • Good understanding of web applications, frameworks and protocols with respect to application development, building and deployment, build pipelines and automation (Gitlab, Jenkins).
  • Familiar with the foundations of secure development and application security (AppSec/DevSecOps) concepts and practices.
  • Experience in penetration testing (infrastructure, web application) or bug bounty is beneficial.
  • Experience with Veracode is a big plus.

Competences:
  • You learn quickly and are not afraid to continually acquire new skills and adapt to a rapidly changing environment.
  • You take initiative and like to move things forward.
  • You are able to work independently and proactively in a team-oriented environment.
  • You have good interaction skills to understand and explain reported security issues to various audiences.


We offer you the opportunity to be part of a world of trusted digital interactions and agreements. You hold significant responsibility and accountability; your work makes an impact. We move quickly to stay on top of the latest technology and industry trends, which inform and help your work. If you want to join a team that helps organizations to accelerate their digital transformations by enabling secure, compliant, and refreshingly easy digital customer agreements and transactions, we would like to meet you!

OneSpan provides a safe and drug-free working environment for its employees and aims to meet or exceed the standards of all applicable laws and regulations governing workplace safety, health and the environment. We know it takes people with a diversity of perspectives, ideas, and culture to make our company succeed. We are committed to building a community of belonging and meaningful connections. Likewise, we also believe that hiring the best talent will lead to the creation of better products and services. OneSpan is an Equal Opportunity employer; for more information, please visit our Privacy Center.


Job Detail

  • Job Id
    JD2108147
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Montreal, QC, Canada
  • Education
    Not mentioned