Job Description.
Hands-in engineer with practical experience on security configuration, networking and automated security scan with related tools (Gulp, OWASP, SonarQube…)
Mandatory Skills & Experience

• 3-5 years of recent digital security experience with formal security certification; Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT) or Offensive Security Certified Professional (OSCP)
• 1-2 years of experience applying your craft in an agile delivery shop, Scrum & Kanban
• Bachelor degree in Computer Science, Information Technology, Engineering or related discipline
• Can apply Open Web Application Security Project (OWASP) and modern network security practices in day-to-day activities
• High comfort level with technical navigation of digital systems, both the application & infrastructure layers
• Practical experience with threat detection/prevention, incident response, vulnerability management, threat modeling, risk management methodology, data de-identification and encryption standards
• Identify and interpret security design requirements and their benefits for technical and non-technical stakeholders
• Tendency to balance business and security needs to improve the customer experience, building and maintaining relationships through coaching, not policing
• Understanding of adversarial tactics, a penchant for curiosity, exploration and learning to stay current in your field
• Experience with enabling teams to practice sound data governance, i.e., for digital analytics
• Desire to collaborate, roll up your sleeves/be in the weeds, ideally, you don’t need anyone to code for you, comfort with Node.js/React
• Affinity for automating repetitive functions and a general dissatisfaction with traditional ways of doing things

 
 
Great-to-have
 
- Awareness of regulatory factors governing our industry, i.e., privacy & Canada's Anti-Spam Legislation