Application Security Analyst, Information Security
posted 2 months ago

Description

Office Location: Toronto, ON Great location! Steps away from the main public transit station

What we offer:
Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

• Eligibility for benefits is dependent on the terms of employment

What you will do:

• Analyzing and documenting processes, policies, controls, and standards to comply with security frameworks and regulations.
• Understand technical and architectural issues from a security perspective and provide recommendations.
• Performing security reviews and provide insights throughout all phases of software development.
• Support the Application Security Manager in managing internal and external stakeholders related to Application Security.
• Managing and coordinating secure code reviews with stakeholders, encompassing Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).
• Conducting application vulnerability assessments for web, mobile, webservices and cloud applications
• Performing or overseeing manual/automated application Vulnerability Assessment & Penetration Testing, and subsequently managing technical documentation including VAPT/Application Security tracking and reporting
• Reviewing the configurations to Web Application Firewalls (WAF)
• Work closely with the application development delivery teams to integrate security controls within the development pipeline ensuring an efficient development process with early security control gates.
• Assisting the Security Leadership in collaborating with IT Groups to define, develop, communicate, and implement a comprehensive long-term application security roadmap.
• This involves creating threat models for web applications and supporting development teams across the agile Software Development Life Cycle (SDLC).
• Assisting in the evaluation, selection, onboarding, and management of AppSec vendors and Solutions

The Requirements Needed:

• 3-5+ years of web and mobile application security experience with Secure Software Development Life Cycle (SSDLC)
• Strong grasp of application design and architecture
• Proficiency in manual and automated penetration testing methods/tools (e.g., Burp Suite, Fortify, Backtrack Kali, Metasploit Framework)
• Knowledge of programming languages (.Net, C#, JavaScript, etc.), cloud platforms (e.g., Azure), and database technologies in the security domain
• Familiarity with WAF technologies, security frameworks (OWASP-TOP 10, SANs-TOP 25, CWE), and participation in Bug Bounties & Capture the Flag (CTF) would be beneficial.

Transferable Skills:

• Excellent verbal communication
• Excellent written skills for preparing reports and briefings.
• Excellent analytical reasoning
• Problem-solving approach

Education:

• Post-secondary education, University education and Technical Certifications required.
• Certifications and Skills:
• Preference will be given to candidates to have CISSP.
• Good to have Offensive Security Certified Professional (OSCP)

The team you will join:
Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through our mortgage broker channel and service commercial clients through our national origination team of empowered advisors.
At First National, It’s in our Nature is our rallying cry. It underlies our values, beliefs, and how we show up for each other, our clients, our partners and the community. Our nature defines who we are and guides every decision we make.
First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation or any other category protected by law.

Similar Jobs