Business group: Cloud & Platform Engineering - integrating application security vulnerability detection tools used by the Bank for static code analysis and SBoM generation
Project: The resource will play a key role in developing and deploying components of the strategic Application Security solution, implementing Software Composition Analysis (SCA) and SBoM tools in the bank's SDLC.
Candidate Value Proposition:
The successful candidate will have the opportunity to work with cutting-edge security vulnerability detection tools, to define and implement best practices in delivering enterprise-scale solutions, and to work with senior/international stakeholders at a top 5 Canadian bank.
Typical Day in Role:
Solution Design & Integration: Design and implement integrations between vendor APIs and Bank systems to provide seamless automation of SCA and SBoM generation through SDLC processes.
Cloud Management: Assess and implement best practices when configuring cloud SaaS solutions and integrations with APIs.
Collaboration: Work closely with development, operations, and security teams to identify and resolve issues, complete threat risk assessments, and improve existing processes.
Security: Implement security best practices and ensure compliance with industry standards to protect the integrity and confidentiality of our systems and data.
Performance Optimization: Analyze system performance and implement improvements to enhance efficiency, reduce latency, and optimize resource usage.
Disaster Recovery: Design and implement disaster recovery plans to ensure business continuity and data integrity in case of system failures or other unforeseen events.
Candidate Requirements/Must Have Skills:
10+ years of enterprise IT experience
3+ years' experience as a Software or DevOps Engineer
Experience in designing, programming and implementing APIs and automation scripts using Python, Java, or other scripting tools
Experience in designing and implementing automated security scanning in CI/CD pipelines
Experience with SSO, networking, and general OS system administration (Linux and Windows)
Nice-To-Have Skills:
Cloud solution deployment experience (GCP, Azure)
Experience with security tools (SAST, SCA, DAST)
Solution architecture experience
Soft Skills Required:
Strong analytical and problem-solving skills with the ability to devise innovative solutions to complex technical challenges.
Strong communication skills (written and oral)
Strong collaborator, team player
Education:
Bachelor's degree in a technical field (computer science)
Best vs. Average Candidate:
Someone who can work independently with stakeholders to implement the solution from design and who can continually update the design. Crucial: taking initiative, being a strong problem solver and strategic thinker who can identify solutions, and having experience with APIs. The best candidates will have used the tools themselves and understand how they work, and will be strong independent developers with programming and automation expertise.
Programming experience with Python, Java is more important than security experience: many candidates in the past have had broader security engineer profiles, and the team needs someone who can program and run scripts in the back end.
Candidate Review & Selection:
2-3 Rounds - MS Teams Video Interviews - all panels
A Codility assessment will be sent as the first step of the process: multiple-choice questions on system administration concepts with some coding examples (one in Python, the other language agnostic). Candidates have 15 minutes to complete it, with 1-2 days' lead time, and will be invited to interview based on the results.
1st - 30-45 minutes - panel of project team members (HM, technical resources) - initial assessment with senior team members to assess fit.
2nd - 45 minutes - follow-up interview with technical team members probing on technical expertise and project experience
Potential - 3rd if needed to decide between candidates