Application Security Specialist



City: Toronto

Category:

Industry: Materials & Construction

Employer: Stantec

Application Security Specialist - ( 220000UU )

Description

Grow with the best. Join a smart, creative, and inspired team that works behind the scenes to support operational excellence. Our functional services teams (FSTs) provide services to 25,000 employees in over 350 locations worldwide. Bringing together individuals with diverse backgrounds, talents, and expertise, our FSTs are vital to making our Company stronger.

Your Opportunity

We are currently seeking a Junior Application Security Specialist to join our team!

This position will offer the qualified candidate a terrific opportunity to work on new and exciting projects. Stantec is looking for someone with strong application security testing capabilities, a good understanding of compliance requirements such as NIST, ISO27001, CMMC and DFARS, as well as someone who can work with our Security Operations team to help in troubleshooting incidents.

Your Key Responsibilities

  • Participate in and support application security reviews, threat modeling, code reviews and dynamic testing activities.
  • Consult with the development teams on the SAST/DAST results, ruling out false positives. Ensure urgent app security findings are escalated to the appropriate team and lower-priority issues are added to the correct engineering backlog.
  • Maintain knowledge of the latest application vulnerabilities and attacks against third-party components and transitive dependencies.
  • You will be required to occasionally perform peer code and configuration reviews for insecure logic, high-risk changes, and misconfigurations that could pose a security risk.
  • You will be required to occasionally assist the senior application and pen-testing specialist in designing tests/tools to try to break into security-protected apps.
  • Assist the senior application specialist in building DevSecOps CI/CD pipelines and Infrastructure as Code, and in working with AppSec cloud API services.
  • For approximately 30% of your time, you would be responsible for supporting the Stantec Security team as required to help Stantec meet and maintain security compliance and deal with security operational incidents.

Qualifications

Your Capabilities and Credentials

  • Strong oral and written communication skills.
  • Solid understanding of networking and system administration.
  • Understand cryptography, reverse engineering, web applications, databases.
  • Real-world corporate experience with Static Code Analysis tools.
  • Real-world corporate experience using Git to submit pull/merge requests.
  • Real-world experience testing applications to find security or unexpected behavioral bugs.
  • Comfortable coding in one programming language (minimum).
  • An understanding of scripting and programming as well as the following software and standards:
      + Programming languages (SQL, PHP, C, Java, JavaScript, Ruby, Python)
      + Scripting (Bash, PowerShell, Cloud Shell = [Azure, AWS, GCP])
      + Security tools (Burp Suite, Nmap NSE, Enterprise SAST/DAST)
      + Security frameworks (such as NIST, SOX, HIPAA, ISO)
      + Operating systems (such as Linux, Unix, Windows)

  • Ability to review data and analyze the processes needed to correct security issues.
  • Working knowledge of regulatory guidelines and standards, compliance standards and policies, audit techniques, regulatory issues, operations, and procedures as they relate to the organization is preferred.
  • Experience working in a large organization.

Preference for:

  • Experience with the HCL language for Terraform or Packer.
  • Experience with cloud API integration gateways or WAFs.
  • Experience contributing code or a security fix to your company's private repo.
  • DevOps or DevSecOps certification or equivalent real-world experience with enterprise SAST/DAST/IAST tools is preferred.

Education and Experience

  • Minimum 2 years of related IT security experience.
  • Post-secondary degree/diploma in information systems or related field, or equivalent experience.

This description is not a comprehensive listing of activities, duties or responsibilities that may be required of the employee and other duties, responsibilities and activities may be assigned or may be changed at any time with or without notice.

Primary Location : Canada-Alberta-Edmonton

Other Locations : Canada-Ontario-Toronto

Job : IT Security Development

Organization : BC-1374 IT Services-Corporate-Canada

Employee Status : Regular

Job Level : Individual Contributor

Travel : No

Schedule : Full-time

Job Posting : Mar 4, 2022, 3:44:44 PM

Req ID: 220000UU

Vaccine Policy: Stantec requires some positions in North America to be fully vaccinated against COVID-19 subject to reasonable accommodation to the extent required by law because of a medical reason or a sincerely held religious belief.

Stantec provides equal employment opportunities to all qualified employees and applicants for future and current employment and prohibits discrimination on the grounds of race, color, religion, sex, national origin, age, marital status, genetic information, disability, protected veteran status, sexual orientation, gender identity or gender expression. We prohibit discrimination in decisions concerning recruitment, hiring, referral, promotion, compensation, fringe benefits, job training, terminations or any other condition of employment. Stantec is in compliance with local, state and federal laws and regulations and ensures equitable opportunities in all aspects of employment. EEO including Disability/Protected Veterans
