Application Security Analyst

• Our client is looking for one or more Application Security Analysts to join and contribute to various cybersecurity initiatives within the Cyber Security Maturity Program and other directives from the Branch.
• CSRM manages all aspects related to IT security, including but not limited to:
• Providing interpretation and enforcement of information security policies and standards;
• Providing information security education and awareness;
• Responding to information security incidents;
• Performing Threat Risk Assessments (TRAs) for IT-related initiatives across the government;
• Overseeing security assessment and requirements for IT solutions and services procurement;
• Offering security advice and guidance to business areas;
• Evaluating new threats and vulnerabilities.

Job Responsibilities :

The Cyber Security and Risk Management Branch plans to hire one or more qualified Application Security Analysts, whose duties will include, but are not limited to:

• Utilizing automated and manual techniques to test application security.
• Performing vulnerability assessments and penetration testing on applications.
• Conducting security testing for web and mobile applications.
• Testing security of web services and APIs.
• Reviewing code developed by the AMS team when required.
• Analyzing false positives/negatives and providing recommendations to developers.
• Protecting web applications using Web Application Firewalls (WAF).
• Building strong relationships across GOS and collaborating to enhance application security.
• Participating in performance evaluations as deemed appropriate.
• Having familiarity with GOS or similar entities' technical and business environments will be assessed.

Must Haves :

• Candidate must hold a CISSP or Certified Ethical Hacker certification.
• Candidate must be able to work onsite at a Government of Saskatchewan office in Regina, Saskatchewan, starting from the contract's commencement.

Scored Requirements :

• Describe in detail the candidate's experience with GOS or similar entities, focusing on technical and business aspects.
• Demonstrate achievements in Application and Information Security, with experience in private and/or public sectors.
• Knowledge of cybersecurity standards like OWASP and experience with security testing tools.
• Experience with vulnerability scanning, analysis, and risk management.
• Experience with infrastructure risk identification, reporting, and mitigation.
• Experience with static and dynamic application security testing using automated tools and manual techniques.
• Knowledge of Secure SDLC and DevSecOps practices.
• Understanding of cloud security and deployment models.
• Knowledge of network infrastructure, routing, DNS, and web filtering.
• Experience with application development security practices.
• Familiarity with ISO/IEC standards or equivalent security control frameworks.
• Strong interpersonal and communication skills, effective at all organizational levels.

Note :

• Work is to be performed onsite at Regina offices due to security restrictions.

About the Company :

• Our client provides coordination and delivery of property management, IT, procurement, project management, transportation, and other services to government ministries and agencies.