Senior Application Security Specialist, Hybrid

Scarborough, ON, Canada

Job Description



Requisition ID: 186871

Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.
Senior Application Security Specialist

Purpose

Contributes to the overall success of the Application Security Services in Canada ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
Accountabilities

  • Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  • Recommend, design, assess, implement, deploy and maintain application security tools required to protect Scotiabank and its customers.
  • Develop and/or enhance the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directives, technical standards and published communication process flows.
  • Adhere to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate identified risks.
  • Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
  • Develop and/or enhance communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
  • Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
  • Champions a high-performance environment and contributes to an inclusive work environment.
#ScotiaCyberSecurity #Li-Hybrid #ScotiaTechnology
Responsibilities including but not limited to

  • Support the scanning of web applications prior to production code releases.
  • Support the scanning and reporting of all the Scotiabank web applications every month.

Education and Experience

  • Understanding of multi-tier Web Applications, web services, and related vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
  • Have a comprehensive understanding of the HTTP protocol, System Development Lifecycle (SDLC) and Web Programming for multi-tier web applications and web services. An understanding of JavaScript, SQL, HTML, XML, ASP.net, and VB.net is essential, while Java, PHP, XML, Python, PowerShell, and Ruby would be considered a plus.
  • Experience performing source code and/or application security assessments, including risk assessments, and penetration testing. The ability to demonstrate exploitation of vulnerabilities would be an asset, as would experience with vulnerability testing and scanning tools such as Burp Suite, HP WebInspect, AppScan, SQLMap, ZAP, and Fortify.
  • Understanding of gateway technologies and network devices such as Load Balancers, Proxies, IPS, WAF.
  • Must have the ability to generate reports and tailor his/her communication strategy for various levels of technical staff, executive management, and business clients.
  • Understanding of Interactive Application Security Testing (IAST) tools.
  • CISSP and/or CISA designation beneficial but not required.
  • CEH, OSCP, GMOB.
  • University degree or college diploma, and a minimum of four (4) years equivalent security industry-related experience required.

Location(s): Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.


Job Detail

  • Job Id
    JD2257560
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Scarborough, ON, Canada
  • Education
    Not mentioned