Specialist Application Security
- Hybrid
- Toronto, Ontario, Canada
- CA$120,000 - CA$122,000 per year
- City of Toronto
Job description
JOB SUMMARY:
We are seeking a skilled Application Security Specialist with experience in secure coding practices, threat modelling, Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and container security.
The ideal candidate will play a critical role in safeguarding our applications and services by implementing robust cyber security measures throughout the software development lifecycle.
Will provide expertise, guidance, advice, and operational support for the development, deployment and management of the application security program to ensure the City is adequately protected from cyber security threats and to support the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision and strategy.
Will design, configure and implement security systems to protect the City's computer networks from cyber attacks, and set and maintain security standards.
Will provide technical and advisory support and services for Application Security to all City divisions, Agencies and Corporations.
MAJOR RESPONSIBILITIES:
- Conduct Security Assessments: Perform regular security assessments, including vulnerability scanning, penetration testing, and code reviews, to identify and remediate potential security weaknesses.
- Threat Modeling: Conduct comprehensive threat modeling exercises to identify, analyze, and prioritize potential security threats and risks in software applications. Utilize frameworks such as STRIDE or PASTA to systematically assess vulnerabilities.
- Manage Security Tools: Utilize SAST, DAST, and SCA tools to analyze code and third-party components for vulnerabilities; oversee the implementation of automated security testing within CI/CD pipelines.
- Container Security: Implement security measures for containerized applications, ensuring compliance with best practices for container security.
- Collaboration: Work closely with development, operations, and IT teams to ensure that security measures are effectively integrated into all stages of application development and deployment.
- Secure Coding Practices: Provide guidance on secure coding practices to development teams, ensuring that security is integrated into the application development process from the outset.
- Research & Technical Advice: Work with senior specialists on complex projects, providing technical knowledge, research, proof-of-concepts, and support for cloud security (CASB), web application and API security (WAAP), securing AI systems, and others.
- Cybersecurity Solution Configuration and Advice: Assist Sr. Specialists in developing and implementing detailed cybersecurity configuration plans/designs, based on specific program requirements. Provide recommendations on improvements to business processes and security practices.
- Project Support & Collaboration: Collaborate on cybersecurity projects, ensuring effective communication, high work standards, and organizational performance. Provide input and support to project teams, including scheduling, reviewing work, and contributing to project execution.
- Emerging Technology & Risk Management: Stay up to date with cybersecurity trends, risks, and technologies. Participate in security strategy reviews and the evaluation, implementation and configuration of technical solutions, while helping assess cybersecurity needs of business strategies.
- Contract & Document Preparation: Support in preparing RFPs, Statements of Work, and other contractual documents. Help ensure cybersecurity-related expenditures remain within budget.
Job requirements
QUALIFICATIONS/CERTIFICATIONS:
- Education: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Experience: Proven experience in application security (minimum three years).
- Certifications: Relevant certifications such as CISSP, CEH, OSCP or equivalent are highly desirable.
- Technical Skills:
- Proficient in secure coding practices across multiple programming languages (e.g., Java, C#, Python).
- Strong understanding of application vulnerabilities (OWASP Top Ten) and mitigation strategies.
- Experience with SAST, DAST, SCA tools and threat modeling methodologies.
- Familiarity with container orchestration platforms (e.g., Kubernetes) and their security best practices.
SOFT SKILLS:
- Excellent analytical and problem-solving skills.
- Strong communication skills to effectively collaborate with cross-functional teams.
- Ability to work independently in a fast-paced environment while managing multiple priorities.
- Ability to work in a transformative program.
- Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
ADDITIONAL COMMENTS/INFORMATION:
A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotating shifts and continuous extended hours may be required with little or no prior notice.
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.