Application Security Specialist - 6-Month Contract (Hybrid)

Central 1

Vancouver

Hybrid

CAD 80,000 - 100,000

Full time

2 days ago

Job summary

A leading financial services firm is looking for an Application Security Specialist to enhance their application security practices. This role involves facilitating threat modelling, developing testing strategies, and ensuring secure coding within a hybrid work environment. The ideal candidate will have over 5 years of software development experience along with a strong understanding of secure software development principles and practices.

Benefits

Work-life flexibility
Hybrid work environment
Learning platform access
Generous vacation allotment

Qualifications

  • 5+ years of software development or QA experience.
  • 2+ years in web API development.
  • 3+ years supporting complex web application environments.

Responsibilities

  • Facilitate threat modelling and risk assessments.
  • Participate in the planning and design of enterprise security architecture.
  • Contribute to the creation of enterprise security documents.

Skills

Secure software development
Exploit development
Good development hygiene
Threat modelling
Risk mitigation

Education

Post-secondary credentials in IT or Software development

Tools

Java
Python
PHP
C++
C#
Objective C
Linux
Burp Suite
Kali Linux

Job description

Application Security Specialist - 6-Month Contract (Hybrid)
Locations: Vancouver, Toronto
Time type: Full time
Posted: Yesterday
Job requisition ID: R1578

Central 1 cooperatively empowers credit unions and other financial institutions to deliver banking choice to Canadians. Central 1 provides critical services at scale to enable a thriving credit union system. We do this by collaborating with our clients, developing strategies, products and services to support the financial well-being of their more than 5 million diverse customers in communities across Canada. For more information, visit www.central1.com.

What we offer:

  • Work-life flexibility
  • Hybrid work environment
  • One-time allowance to set up your office for remote-first employees
  • Variable annual incentive plan
  • Generous annual vacation allotment
  • Top-notch flexible benefits plan including family building and gender affirmation
  • Retirement Plan, matched contributions at 6%
  • Access to a learning platform and educational assistance support
  • Access to a virtual wellness platform
  • Career development opportunities
  • Wellness Flex Fund to support personal interests and activities
  • Day off to volunteer in your community and other paid time off options
  • Corporate discounts

*subject to employment agreement

Job Summary:

The Application Security Specialist will have extensive experience in full stack web applications, API, and/or mobile development. They will understand and be comfortable articulating the principles of secure coding to the Development and Technology teams within Central 1, and enjoy identifying and remediating application vulnerabilities.

The ideal candidate is expected to be a champion for good, sustainable development practices to improve the security posture of Central 1’s application portfolio by supporting teams to build stable, mature, and secure applications.

The candidate will apply their passion for application security through threat modelling, secure coding methodology, and application vulnerability testing, while evangelizing secure development and design as key components of overall application health and stability.

What you’ll be doing:

  • Facilitate threat modelling and risk assessments at the product, project, and team level.
  • Participate in the planning and design of enterprise security architecture.
  • Contribute to the creation of enterprise security documents (architecture blueprints, policies, standards, baselines, guidelines, and procedures).
  • Provide oversight and contribute to the design and deployment of application solutions following C1’s SOC 2 Type 2 Process.
  • Maintain up-to-date knowledge of the information and application security industry, including new security solutions, processes, attacks, and threat vectors.
  • Recommend security solutions or enhancements to improve enterprise security.
  • Develop and implement security testing strategies for SAST, DAST, and Penetration Testing.
  • Develop CI/CD pipelines for automated security testing.
  • Perform penetration testing or develop exploits as needed.
  • Participate in investigations of security incidents, triage vulnerabilities, and validate fixes.

What you’ll have:

  • A strong interest in secure software development, exploit development, or good development hygiene.
  • Post-secondary credentials with an IT or Software development focus or equivalent experience.
  • 5+ years of software development or QA experience.
  • 5+ years of experience with Java, Python, PHP, C++, C#, or Objective C.
  • 2+ years in web API development.
  • 2+ years developing secure coding practices, remediating weak code, and building exploits.
  • Knowledge of threat modelling and risk mitigation strategies.
  • 3+ years supporting complex web application environments.
  • Understanding of OWASP Top 10 and SANS Top 25 vulnerabilities.
  • Strong understanding of web protocols such as HTTP, TLS, Web Sockets, and SOAP.
  • Experience with API standards and testing tools like Swagger/OpenAPI, Postman, or WSDL.
  • Experience in financial services environment development.
  • Working knowledge of Linux or BSD systems and shell scripting.

Nice to have:

  • Experience with web application testing platforms like PortSwigger Burp or OWASP ZAP.
  • Experience with security testing tools such as Kali Linux or Metasploit.
  • Experience developing or modifying Metasploit modules.
  • Experience with threat modelling techniques like STRIDE, DREAD, or PASTA.
  • Experience assessing risks using the OWASP risk matrix.
  • Experience performing full web application security tests and report development.
  • Experience with SIEM/logging platforms such as Splunk, ELK Stack, DataDog, New Relic, or Dynatrace.
  • Understanding of IP, TCP/IP, and network protocols.
  • Understanding of Windows Server, Windows Desktop, and macOS.
  • Familiarity with incident management, issue tracking, and ISO 27001.
  • One or more certifications in Application Security such as GPEN, OSCP.

Hourly rate: $75.00 - $90.00/hour

The rate reflects the job rate for a fully competent candidate. Actual salary varies based on market conditions, knowledge, skills, qualifications, experience, and education.

Central 1 is an equal opportunity employer committed to diversity and inclusion. We provide accessible candidate experiences and accommodations upon request.
