Job Description

Brandt is currently looking for a Security Analyst in our Regina location. The Security Analyst is primary responsible for ensuring the security and integrity of Brandt\xe2\x80\x99s applications. This includes using security tools and solutions to analyze and respond to cyber threats, vulnerability management, responding to security events and security service delivery initiatives for Brandt. This position provides leadership in the technology evaluation, design and the implementation of Application Security technologies providing expertise around secure coding practices, application security technical assessments and tools, operates and tunes the existing infrastructure and network for better security, provides requirements for new security tools, and creates use cases for monitoring. Duties & Responsibilities:

• Conduct thorough security assessments of applications, including static and dynamic analysis, penetration testing, and code review.
• Identify and prioritize potential security risks, vulnerabilities, and weaknesses in applications.
• Develop and implement effective security measures, controls, and countermeasures to mitigate risks.
• Collaborate with development teams to integrate security measures into the software development lifecycle.
• Stay up to date with the latest security threats, trends, and technologies, and provide recommendations for improvement.
• Monitor and respond to security incidents, conducting forensic investigations and implementing incident response plans.
• Conduct security awareness training for developers and other stakeholders.
• Evaluate and recommend security tools and technologies to enhance application security.
• Maintain documentation of security vulnerabilities, assessments, and remediation efforts.
• Develops project plans in coordination with Information Technology developers and other business units/departments.
• Participates in security audits and security risk assessments
• Follow/Maintain security operations playbooks and Incident Response Plans
• Participate in emergency action when required to safeguard assets from cyber security compromise and to assist with the eventual recovery of compromised systems
• Customer/Vendor relationship management
• Hours of work are typically Monday through Friday, 8:00 a.m. to 5:00 p.m., however, occasional evenings, weekends and additional on-call requirements will be necessary to meet customer needs and other company objectives.

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.

• A post-secondary education in computer science or related discipline, plus at least 5 years of progressive experience in Application security and administration, or combination of skills and experience.
• Strong understanding of application security principles, standards, and best practices
• Excellent working knowledge about application security as well as the controls necessary to mitigate them, on both an organizational and technical level.
• Familiarity with application architecture design, web application security, mobile application security, API and microservice security, network/infrastructure security, source code scanning and vulnerability assessment.
• Familiarity with DevOps and DevSecOps practices.
• Knowledge of secure coding practices and common vulnerabilities, such as OWASP Top 10.
• Familiarity with secure development frameworks and methodologies, such as Secure SDLC.
• Proficient in programming languages commonly used in application development, such as Java, C#, or Python.
• Proficient with Active Directory, O365 and Azure.
• Industry Standard Security Certifications is an asset