Application Security Engineer

Symcor - Mississauga, ON (30+ days ago)

Apply Now

JOB DESCRIPTION

Position Type: Full Time

Department: Information Technology - Information Security & IT Risk Management

Work Location: 1 Robert Speck Parkway, Mississauga,ON

Work Hours: Days

Job Level: 16

Travel: No

Posting Expires: 2020/08/06

Come and join our team, but first, let us tell you why we love working here!

We're 100% Canadian, 9 locations across the Country
20+ Year track record of performance excellence and a focus on innovation
We are working on some pretty cool stuff that is leading the industry!
We've been awarded for our Diversity and Inclusion programs and recognized as one of Canada's Greenest Employers, 9 years in a row!
Join us and learn by being part of a winning, high-performance team!

The opportunity

In this role, you will get an opportunity to participate with and/or assist the Security Architect in deploying, managing and maintaining the information security operations that ensures that the company’s information assets are adequately protected within the company’s risk appetite. Participate/Assist in and execute the deployment, monitoring, maintenance, and enhancement of the organization’s security technology, including creating recommendations for further system security enhancements

What you will do

Participate in the implementation, management and maintenance of a centralized enterprise security operations function. Participate / Assist in the design and execute/ implement and manage vulnerability testing, security exposure and risk management analysis tools and methodologies to protect mission critical platforms and applications.
Assist in Design, manage and maintain the security monitoring infrastructure ( e.g. IDS, FIM, Hardening and Compliance configuration management, Web Filtering, SIEM, Vulnerability Management, Forensic Tools, Application Security, IAM, Identity Federation / SSO, API Management, Password Management, etc)
Participate in ongoing process execution to monitor threats and incidents including escalating to other enterprise teams to triage and respond
Perform ongoing R&D efforts to stay abreast with security technology
Actively support the implementation of security specialized technical controls
Manage vulnerability assessment and monitoring tools, such as host and network IDS systems, system integrity management systems, Application Security testing systems (SAST, DAST) and, internal and external penetration testing
Ongoing process execution to onboard new applications onto vulnerability and application security testing platforms
Ensure ongoing execution of risk based vulnerability reporting framework to ensure that vulnerable systems are timely patched by applicable Symcor teams
Engage with project teams to ensure appropriate support is provided to remediation teams to implement timely remediation
Actively participate a resource in Symcor’s enterprise security consulting practice to provide technology and communication guidance in all matters related to secure development and implementation of both infrastructure and application platforms. Act as the intermediate level information security technical expert to drive leading edge infrastructure technology.
Assist in identification of the Enterprise-level information security requirements supporting the application design and implementation process
Participate and assist in definition and implementation of Enterprise Information Security Architecture Standards and Policies and keep them current
Provide guidance to Symcor personnel with respect to IT risks, mitigation and control effectiveness
Review and assist in responding to information security requirements within vendor or client RFP’s and contracts, such as security administration, monitoring, encryption, privacy and confidentiality requirements
Actively support the implementation of security specialized technical controls
Participate/assist in review of internal and external auditor findings and recommendations
Participate and assist in maintenance and execution of Symcor’s information security threat and incident management program. Actively assist the Symcor Computer Security Incident Response Team (CSIRT) in investigation of security incidents, such as breaches and system attacks.
Identify and analyze security exposures to Symcor’s information assets, processing systems and networking environment.
Monitor trends, evolving risks and potential countermeasures.
Assist in conducting of proactive threat management exercises including ongoing execution of threat modelling, threat hunting activities by internal security operations and consulting teams

What you need to have to succeed

Degree or diploma in Computer Science or Engineering
5+ years of experience in Information Technology
2+ years of coding/development experience
1+ years experience working with Java, Javascript, Node.JS, Python
Knowledge of information security normatives: current and evolving information security related standards and architecture frameworks, regulatory compliance frameworks, and audit standards and practices.
Knowledge of security vulnerabilities, exploits, and practical mitigations. Knowledge of security vulnerability testing tools (e.g. Network Vulnerability Scanners and SAST/DAST technologies). Experience with development and execution of threat assessments and security testing methodology.
Knowledge of Identity and Access Management (IAM) technology and best practices: understanding of Enterprise authentication & authorization services, (SAML, OAUTH), directories, and PKI.
Junior level proficiency with enterprise Operating Platforms (Windows, Unix, Linux) and their enterprise management technologies (Active Directory/ADFS, LDAP, SMB, etc..).
Understanding of network technologies (e.g. firewalls, gateways, switches, routers, IDP/IPS, concentrators, load-balancers) and network application protocols and their built-in security mechanisms (e.g. TCP/IP, SSL/TLS, IPSec, HTTP, SSH, SMTP, SNMP etc.), as well as internetworking design concepts and architectures.
Understanding of both public and private virtualization technologies (e.g. Hyper-V, AWS, Azure, Office365, VMWare ESXI, Containerization, etc.).
Understanding of Devops and DevSecOps processes, workflows, and technologies.
Able to read, write and understand code from multiple development languages.

What is in it for you!

At Symcor, we define our success by what we help others achieve. We were created to support our clients and, through our products, services and solutions, protect and strengthen their brands. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation
Leaders who support your development through coaching and managing opportunities
Ability to make a difference and lasting impact
Work in a dynamic, collaborative, progressive, and high-performing team
Opportunities to do challenging work
Opportunities to take on progressively greater accountabilities
Work-Life Balance