Job Description

Location Address: Hybrid Toronto - 2-4 days onsite (Tuesdays and Thursdays subject to change and can be flexible)
Subject to change: 3-4 days onsite may be required based on business needs
Contract Duration: 6 months
Possibility of extension & conversion to FTE
Number of Positions: 2
Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week
Story Behind the Need
Business group: Cloud & Platform Engineering Application Security Operation team has global accountability and is highly supportive of the Bank's business, enabling execution of the Bank's strategies, operations and services, while ensuring that appropriate application security practices are adhered to. Now Application Security Operation is expanding the scope to cover Cloud Native Application Protection Platforms (CNAPP). This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to cloud and application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate AppSec and CNAPP processes and procedures into the software development lifecycle.
Project: We are seeking a Security Enablement and Engagement Specialist to join our Application Security Operation team. The ideal candidate will have a strong understanding of Application security tools, security controls within CICD pipelines and the release management lifecycle. In addition, you excel at bridging gaps between technical and non-technical teams, enduring secure software releases, driving effective stakeholder communication and fostering continuous education across the organization.
Two positions: One is for Cyber Risk team, one is for Cloud Acceleration Program
Candidate Requirements/Must Have Skills:
1) 10+ years' relevant working experience in IT (application security, release management etc.)
2) 3 + years' experience as an application security analyst, with demonstrated experience in security integration, automation of security processes, risk assessment and mitigation
3) 2+ years' experience practicing application security (SAST, DAST, SCA, MAST) throughout the Secure Software Development Lifecycle (SSDLC), with demonstrated experience in vulnerability assessment, security integration, automation of security processes, risk assessment and mitigation
4) 1+ years' experience designing SharePoint pages and authoring documentation in both SharePoint and Confluence environments, and experience with Jira/Confluence
5) 2+ years' experience building executive-level reports and dashboard that communicates security posture.
Nice-To-Have Skills:
1) 2+ years' experience with popular CI/CD tools and processes like BitBucket/GitHub, Jfrog Artifactory, Jenkins, Azure DevOps, GitLab CI/CD.
2) Proficiency in tools like Excel, Power BI, or other reporting platforms.
3) Programming and scripting experience (Python preferred)
4) 2+ years' experience designing and delivering training programs (e.g., live sessions, documenting)
Soft Skills Required:

• Excellent communication skills and good support skills for triaging and analysis of issues for all development teams
• Proficient at collaborating with various stakeholders to achieve the objectives assigned
• Strong project management type of skills - organized, time management, etc.
• Self-sufficient, very meticulous with business analysis skills - gathering, translating, putting together requirements
• Detail oriented and skilled in summarizing and provides insights from complicated processes.

Education:
Undergrad or equivalent experience - valuing work experience more
CISSP or any security certification is an asset
Best VS. Average Candidate:
Experience delivering successful projects, candidate who has the technical skills and strong communication skills, someone who is adaptable and keen to learn new skills and technology and is a team player, is open to feedback as a learning opportunity; product knowledge is coachable, strong base for AppSec and ideally programming knowledge but would rather have someone who is strong in comms and eager to learn and can coach on some of the more specific technical pieces - Experience authoring SharePoint pages in both SharePoint and Confluence environments
Candidate Review & Selection

• 1-2 rounds - remote - Video Conference Call MS Teams
• 1st - HM and one or two Senior Leads - 1 hour - technical interview focusing on Application product/solution integration within the SDLC and vulnerability assessment knowledge and skills

Skills Required