Job Title | Specialist Application Security |
Division | Office of the Chief Information Security Officer |
Reports To | Manager Application Security |
Max Salary Range | $112,280 to $149,247 |
Work Location | 55 John Street, Toronto |
Job Type | Permanent Full Time |
Shift Information | Monday to Friday, 35 hours work week |
JOB SUMMARY:
We are seeking a skilled Application Security Specialist with experience in secure coding practices, threat modelling, Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and container security.
The ideal candidate will play a critical role in safeguarding our applications and services by implementing robust cyber security measures throughout the software development lifecycle.
Will provide expertise, guidance, advice, and operational support for the development, deployment and management of the application security program to ensure the City is adequately protected from cyber security threats and to support the execution of the Chief Information Security Officer’s (CISO) mandate, cyber vision and strategy.
Will design, configure and implement security systems to protect the City’s computer networks from cyber attacks, and set and maintain security standards.
Will provide technical and advisory support and services for Application Security to all City divisions, Agencies and Corporations.
MAJOR RESPONSIBILITIES:
- Conduct Security Assessments: Perform regular security assessments, including vulnerability scanning, penetration testing, and code reviews, to identify and remediate potential security weaknesses.
- Threat Modeling: Conduct comprehensive threat modeling exercises to identify, analyze, and prioritize potential security threats and risks in software applications. Utilize frameworks such as STRIDE or PASTA to systematically assess vulnerabilities.
- Manage Security Tools: Utilize SAST, DAST, and SCA tools to analyze code and third-party components for vulnerabilities; oversee the implementation of automated security testing within CI/CD pipelines.
- Container Security: Implement security measures for containerized applications, ensuring compliance with best practices for container security.
- Collaboration: Work closely with development, operations, and IT teams to ensure that security measures are effectively integrated into all stages of application development and deployment.
- Secure Coding Practices: Provide guidance on secure coding practices to development teams, ensuring that security is integrated into the application development process from the outset.
- Research & Technical Advice: Work with senior specialists on complex projects, providing technical knowledge, research, proof-of-concepts, and support for cloud security (CASB), web application and API security (WAAP), securing AI systems, and others.
- Cybersecurity Solution Configuration and Advice: Assist Sr. Specialists in developing and implementing detailed cybersecurity configuration plans/designs, based on specific program requirements. Provide recommendations on improvements to business processes and security practices.
- Project Support & Collaboration: Collaborate on cybersecurity projects, ensuring effective communication, high work standards, and organizational performance. Provide input and support to project teams, including scheduling, reviewing work, and contributing to project execution.
- Emerging Technology & Risk Management: Stay up to date with cybersecurity trends, risks, and technologies. Participate in security strategy reviews and the evaluation, implementation and configuration of technical solutions, while helping assess cybersecurity needs of business strategies.
- Contract & Document Preparation: Support in preparing RFPs, Statements of Work, and other contractual documents. Help ensure cybersecurity-related expenditures remain within budget.
QUALIFICATIONS/CERTIFICATIONS:
- Education: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Experience: Proven experience in application security (minimum three years).
- Certifications: Relevant certifications such as CISSP, CEH, OSCP or equivalent are highly desirable.
- Technical Skills:
  - Proficient in secure coding practices across multiple programming languages (e.g., Java, C#, Python).
  - Strong understanding of application vulnerabilities (OWASP Top Ten) and mitigation strategies.
  - Experience with SAST, DAST, SCA tools and threat modeling methodologies.
  - Familiarity with container orchestration platforms (e.g., Kubernetes) and their security best practices.
SOFT SKILLS:
- Excellent analytical and problem-solving skills.
- Strong communication skills to effectively collaborate with cross-functional teams.
- Ability to work independently in a fast-paced environment while managing multiple priorities.
- Ability to work in a transformative program.
- Highly organised, proactive, self-motivated team player who takes initiative and is able to work independently.
ADDITIONAL COMMENTS/INFORMATION:
A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotational shifts and continuous extended hours may be required with little or no prior notice.
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.
EQUITY, DIVERSITY, AND INCLUSION
The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.
ACCOMMODATION
The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make your needs known when contacted and we will work with you to meet them. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.
The pay range that the employer reasonably expects to pay for this position is between CA$112,280 and CA$149,247
Our voluntary benefits offering includes medical, dental, vision and retirement benefits.
Applications will be accepted on an ongoing basis.
Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.
Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.