Senior Specialist Application Security

Job ID:                               COT-2024-12

Job Title:                         Senior Specialist Application Security

Division:                          Office of the Chief Information Security Officer

Reports To:                    Manager Application Security

Salary Range:              $122,305.00 to $163,639.00

Work Location:         55 John Street, Toronto

Job Type:                        Permanent Full Time

Shift Information:    Monday to Friday, 35 hours work week

JOB SUMMARY:

We are looking for a Senior Application Security Specialist with 5+ years of experience to lead our application security efforts, focusing on DevSecOps practices, container security, threat modeling and cloud security. The ideal candidate will play a crucial role in ensuring the security and integrity of our applications throughout the development lifecycle.

To provide strategic and operational guidance to the Manager Application Security as well as the Director Cyber Threat Management in the execution of its mandate to establish and maintain a City-wide cyber program to ensure the City is adequately protected.

MAJOR RESPONSIBILITIES:

  • Implement and maintain robust application security practices within our DevSecOps framework. Collaborate with development teams to integrate security into CI/CD pipelines.
  • Perform security assessments, code reviews, and help dev teams in remediation.
  • Conduct threat modeling for new and existing applications and systems
  • Develop and enforce container security policies and best practices.
  • Implement and manage cloud security solutions including but not limited to CASB, Microsoft Defender products, and container security measures for Docker and Kubernetes to ensure comprehensive protection of cloud data, applications, and infrastructure.
  • Provide security guidance and training to development and operations teams.
  • Stay current with emerging threats and security technologies.
  • Conduct research on different enterprise security solutions

QUALIFICATIONS/CERTIFICATIONS:

  • Post-secondary degree in Business or Technology or a related discipline.
  • 5+ years of experience in application security with strong understanding of application security threats, attack patterns, emerging security vulnerabilities. Strong knowledge of common security standards and frameworks (OWASP Top 10, NIST/ CSC/ISO 27001, etc.)
  • Strong understanding and hands-on experience of Static Application Security Testing (SAST), secure coding practices, Open-Source Analysis, infrastructure as a code scanning.
  • Expertise in DevSecOps methodologies and tools with understanding of GitHub, Gitlab, Bitbucket, Artifactory, Jenkin, micro-service, etc.
  • Experience with threat modeling techniques and methodologies
  • Proficiency in container technologies (Docker, Kubernetes) and their security implications
  • Able to work at three levels – Strategy, design, and hands on technical.
  • Strong communication and influencing skills, for working cross functionally with teams.
  • Proficient in cloud security and industry-leading best practices for robust data protection.
  • Must have excellent knowledge of different areas of IT operations / processes (change mgmt., release mgmt.), and be able to define/design security processes to meet business requirements.
  • Preferred Certifications (any in the list): CISA/CISSP/CCSP/CISM/CIA/ CEH/SANS GIAC, CSSLP, CAS)

SKILLS:

  • Ability to work in transformative programs
  • Ability to lead efficient communication between all project stakeholders, including internal teams and clients
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors).
  • Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
  • Keen attention to detail and strong organizational skills.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
  • Strong analytical skills and ability to prioritise and multitask.
  • Ability to prioritize and effectively manage competing priorities and projects.
  • Ability to manage multiple initiatives while adhering to strict deadlines.
  • Tenacious and willing to support the team during peak volumes and workloads with various activities.
  • Able to work extremely well under pressure while maintaining a high level of professionalism
  • Self-motivated team player who takes initiative and can work independently.
  • Transferable skills, like communication and decision-making, are equally important.
  • Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.

ADDITIONAL COMMENTS/INFORMATION:

A normal work week is 35 hours; however, unforeseen situation may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shift, continuous extended hours may be required with little or no prior notice.

*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

EQUITY, DIVERSITY, AND INCLUSION

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

 ACCOMMODATION

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.

If this role is of interest to you, please submit your resume to recruiting@ipss.ca.

Scroll to Top

eNEWS Signup