Job Description.
Hands-on engineer with practical experience in security configuration, networking and automated security scanning with related tools (Gulp, OWASP, SonarQube…)
Mandatory Skills & Experience
- 3-5 years of recent digital security experience with formal security certification: Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT) or Offensive Security Certified Professional (OSCP)
- 1-2 years of experience applying your craft in an agile delivery shop, Scrum & Kanban
- Bachelor's degree in Computer Science, Information Technology, Engineering or related discipline
- Can apply Open Web Application Security Project (OWASP) and modern network security practices in day-to-day activities
- High comfort level with technical navigation of digital systems, both the application & infrastructure layers
- Practical experience with threat detection/prevention, incident response, vulnerability management, threat modeling, risk management methodology, data de-identification and encryption standards
- Identify and interpret security design requirements and their benefits for technical and non-technical stakeholders
- Tendency to balance business and security needs to improve the customer experience, building and maintaining relationships through coaching, not policing
- Understanding of adversarial tactics, a penchant for curiosity, exploration and learning to stay current in your field
- Experience with enabling teams to practice sound data governance, i.e., for digital analytics
- Desire to collaborate and to roll up your sleeves/be in the weeds (ideally, you don’t need anyone to code for you); comfort with Node.js/React
- Affinity for automating repetitive functions and a general dissatisfaction with traditional ways of doing things
Great-to-have
- Awareness of regulatory factors governing our industry, i.e., privacy & Canada's Anti-Spam Legislation