Job Description

We\xe2\x80\x99re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what\xe2\x80\x99s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit



This position can be primarily located in either Toronto (hybrid) or Ottawa (remote), Vancouver (remote) or Charlotte, NC (remote) depending on the successful candidate

What You\'ll Be Doing

You\xe2\x80\x99ll be joining CIBC\xe2\x80\x99s Application Security and Risk team. You\xe2\x80\x99ll be on the front lines of building the future of information security at CIBC. As an Information Security Consultant (Application Security), you\xe2\x80\x99ll assess projects for security risks and present recommendations that allow the business to make informed decisions. You\xe2\x80\x99ll provide insight and support to build policies and procedures that safeguard our clients, enhance risk management, and enable our success.

At CIBC we enable the work environment most optimal for you to thrive in your role. You\xe2\x80\x99ll have the flexibility to manage your work activities within a hybrid work arrangement where you\xe2\x80\x99ll spend 1-3 days per week on-site, while other days will be remote

How you\xe2\x80\x99ll succeed

Application Security Steward you will be responsible for performing Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA).

Review security scan results and work closely with development team to prioritize security vulnerabilities identified using a risk-based approach.

Provide training awareness to the application development teams of the benefits of web application layer protection service, including demonstrating exploits of confirmed security vulnerabilities.

Work with development teams to integrate automated security tools into the CI/CD pipeline.

Who You Are

You can demonstrate experience in application security concepts such as secure coding, design or development and industry application security standards and best practices. You have experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10. You can also demonstrate experience in using application security testing tools to perform static, dynamic code analysis, and penetration testing.

You have a Bachelor\xe2\x80\x99s degree in Computer Science, Software Engineering, related field or equivalent combination of education and experience. It\xe2\x80\x99s an asset if you have experience in software development with solid knowledge of all phases of SDLC

You can demonstrate experience in security code issues for JEE/.NET/JS/HTML/JSP/ASP applications

You are passionate about teams. You can build strong interpersonal and communication skills and ability to articulate application security issues to developers and project managers. You have experience in developing strong relationships across various levels of an organization to bring about a positive results and communicate requirements effectively.

Values matter to you. You bring your real self to work and you live our values \xe2\x80\x93 trust, teamwork and accountability.

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a health benefits program, defined benefit pension plan, an employee share purchase plan and MomentMakers, our social, points-based recognition program.

Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Prior to starting in this role, security checks, including a criminal record check must be successfully completed to the satisfaction of CIBC. An annual criminal record check may also be required.

What you need to know

CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact

You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

Job Location Toronto-483 Bay St 2nd Fl.

Employment Type Regular

Weekly Hours 37.5

Skills

Application Security Testing, Dynamic Application Security Testing (DAST), Regulatory Compliance, Security Testing, Static Application Security Testing (SAST)

CIBC