IT Security Analyst

78539
Scarborough, ON
Contract
3 weeks ago

Position Title: IT Security Analyst
Location: Scarborough, ON
Duration: 4 months
             
Story Behind the Need:
Business Group: Our Client’s Information Security & Control (IS&C) Enterprise Security Services – Application Security is responsible for improving security practices and, through that, for finding and preferably preventing security issues within applications.
Project: The Application Security team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations, and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.
Candidate Value Proposition:
The candidate will have the opportunity to work on a large, highly visible project within one of Canada’s top banks.
Typical Day in the Role:

  • The incumbent is responsible for supporting the Senior Manager, Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including:
  • Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
  • Develop and/or enhance the communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
  • Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives.
  • Recommend, design, assess, implement, deploy and maintain application security controls required to protect the client and its customers.
  • Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
  • Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
  • Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner.

Must Have Skills/Requirements:

  • 10+ years of experience as an IT Security Analyst
  • A strong understanding of multi-tier Web Applications, web APIs, and related vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
  • Must have a comprehensive understanding of the HTTP protocol, Secure Software Development Lifecycle (SDLC) and Web Programming for multi-tier web applications and web services.
  • For example, experience with several of JavaScript, SQL, HTML, XML, ASP.net, VB.net, Java, PHP, Python, PowerShell, or Ruby is essential.
  • Must have a comprehensive understanding of the OWASP Application Security Verification Standard (ASVS), and have proven working experience applying the ASVS.
  • Experience performing source code and/or application security assessments, including risk assessments, and penetration testing. The ability to demonstrate exploitation of vulnerabilities is essential, as would experience with vulnerability testing and scanning tools such as Checkmarx, BurpSuite, Acunetix, NetSparker, WebInspect, AppScan, SQLMap, ZAP, and Fortify.

Nice to have Skills:

  • Prior Financial Institutional Experience
  • An understanding of gateway technologies and network devices such as Load Balancers, Proxies, IPS, WAF, API Gateway.
  • The ability to generate reports and tailor your communication strategy for various levels of technical staff, executive management, and business clients.

Soft Skills:

  • Excellent written and oral communication skills. Ideas must be able to be understood and shared easily.
  • Strong organizational skills

Best Vs Average Candidate: The ideal candidate would have strong hands-on experience as an IT Security Analyst, specifically working in a team environment on a multifaceted project. Top qualified talent will be able to demonstrate that they have strong working experience with Application Security related tools and standards and would be able to adapt to client processes with ease.
Education:

  • Bachelor’s degree in a related field such as computer science
  • CISSP/CCSP certifications are an asset

Interview Process:
– 1 Round of Interviews:
– 1-hour-long panel interview with the HM and the Team (6 members), primarily technical questions
– Interviews to take place ASAP
 

The pay range that the employer reasonably expects to pay for this position is between and

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures