Security Architect

  • Location: Scarborough, Ontario
  • Type: Contract
  • Job #3837

JOB DESCRIPTION

Location: Hybrid (Scarborough, ON)
Duration: Until October 31, 2024

Our client a leading financial institution in Downtown Toronto is looking for a Security Architect to work closely with development and engineering, devOps, Security Product Management and other application owner teams across the organization to integrate security into the application development lifecycle right from requirements gathering to deployment to monitoring in production. The successful candidate will have the opportunity to work with one of the Top 5 Banks in Canada.

Typical Day in role:

  • Collaborate with stakeholders across the Bank – technology, application security product, security advisory, fraud, compliance and business channel teams – to drive the product features and roadmap in application security domains like SAST, MAST, SCA, DAST etc across the Bank.
  • Policies for SCA – Security Policies, Licensing Policies and Operational Policies
  • Mobile App Publishing – coordinate with stakeholders to define the minimum-security requirements for publishing a Mobile app to the App Store (Google Play store, Apple etc)
  • Continuously evolve app sec product features based on industry best practices and emerging security threats
  • Govern and define DevOps pipeline and developer tooling use cases to integrate with enterprise app sec products
  • Will work closely with multiple cross enterprise teams to gather requirements and the adoption of new security products.
  • Implementation and operations governance based on the defined enterprise standard solution architecture and design patterns
  • Coordinate efforts from business and technology teams.
  • Communicate regularly with various business channels on the progress made for various projects in the pipeline

Must-Have Skills:

  • 10+ years’ experience in IT Security with focus on application security and/or devops
  • 3+ years product management or similar experience with AppSec domains like SAST, MAST, SCA, DAST and/or tools like Veracode, Checkmarx, NowSecure, Fortify, Snyk, Burp Suite, Zap etc
  • 3+ years’ experience with documenting process, requirements and product information
  • General knowledge of threat modeling, vulnerability management and risk assessment
  • General knowledge of OWASP Top 10, Mitre, CVE/CVSS
  • 3+ years’ experience in the financial industry

Nice-To-Have Skills:

  • Experience with deployment and managing IaaS, PaaS & SaaS solutions
  • Experience with infrastructure as code (IaC)
  • Experience with API Security
  • 3+ years’ experience with popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
  • 3+ years’ experience with CI/CD Pipeline tools and processes like BitBucket/GitHub, Jfrog Artifactory, Ansible, Confluence, Jira, Bamboo etc
  • Experience building business cases demonstrative value of a product and cost-benefit analysis
  • Security certifications like CISSP

Soft Skills Required:

  • Communication: excellent written and verbal communication and interpersonal skills.
  • Must be able to operate effectively within a stressful environment with changing priorities and tight time frames which are closely scrutinized by Senior/Executive Management
  • Fast learner with strong analytical skills and improvement mindset.
  • High energy, demonstrated ability to work under pressure, deals well with ambiguities and uncertainties, and drives results.

Education:

  • Post Secondary Education

Finance professional is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. We advocate for you and welcome anyone regardless of race, color, religion, national origin, sex, physical or mental disability, or age.