Cloud Security Engineer

• Business group: Cloud & Platform Engineering – The Security Enablement and Engagement team operates within the broader Cloud & Application Security mandate – mission is to guide the development community through a seamless transition to modern security tools that align with the Bank’s long-term strategy and evolving threat landscape.
• Project: Cloud & Application Security is seeking a Cloud Security Engineer to support a major initiative (Cloud Acceleration Program / CNAPP) aimed at enhancing the Bank’s cloud & application security transformation – This role also supports compliance with Client AppSec Standard and Section 2.4 of OSFI-B13 regulations

• The successful candidate will be instrumental in delivering the next generation security capability through a large-scale transformation effort at the Bank; exposure to cutting edge cloud technologies, working on a high visibility project for a top 5 Canadian Bank. They will have the opportunity to be part of a team of developers and their leaders—by delivering timely, relevant, and actionable insights through dashboards and reporting tools —supported by an operations team that enables the business in increasing enterprise value.

• As a key member of the Security Enablement and Engagement team, the contractor will help the broader team modernize critical security processes for our developer community through various forms of engagement and operational work.
• In this role, they will serve as a subject matter expert on metrics related to tracking, monitoring, dashboarding, (KPIs, KRIs security findings, vulnerabilities) and day-to-day operations. Responsibilities may also include administering and tracking training programs, maintaining communication channels, and coordinating developer engagement activities such as product launch events and updates.
• Reporting and Metrics – keep track of KPIs for Cloud & Application Security.
• Using these metrics, assist in delivering progress reports to business lines on their team’s KPIs/KRIs—audit and regulatory compliance priority
• Provide support to development teams in retrieving vulnerability/finding details related to KPIs/KRIs and help triage their issues.
• Curate KPI/KRI historical progress to allow period-over-period comparisons and track how business is improving/progressing over time.
• Derive insights from correlated metrics and communicate regularly to Cloud & Application Security leadership, including steerco, if required.
• Program Awareness & Outreach: (assist from time to time, whenever resources are tight)
• Assist in influencing culture-shift and spreading awareness of AppSec Standards, upcoming migrations, their potential impact and discussion boards.
• Assist newly onboarded developers/engineers and set them up for success faster than their predecessors regarding the Bank’s security standard and processes.
• Assist in organizing 10-12 Lunch and Learn sessions per year to engage the dev community about Bank standards, current and upcoming tool migrations, and KPI/KRI results that demonstrate how their work is keeping the Bank safe.
• Regularly solicit feedback on migration efforts and share w/stakeholders for action.
• Maintain team’s portal updated with self-serve resources for business line devs teams
• Cloud & AppSec Trainings/KT:
o Assist in administering/hosting trainings, lunch-and-learns year-round, including communications, participant tracking, esp. reporting on developer progress to identify gaps in information dissemination.
o Curate self-serve training documentation, that would guide developers how to navigate the Bank’s evolving toolset and corresponding processes.
• Enablement Support – assist in supporting managers and developers:
o Occasionally provide Level 1 support for cases related to onboarding, offboarding, triaging, other non-standard requests, as well as support regarding training, FAQs, online resources. – grassroots familiarity with the struggles of dev teams can help with distillation of insights.

• 10+ years’ experience of relevant IT and analytics experience, with 3+ years of experience as a Cloud Security Analyst (GCP, Azure)
• Expert level of experience and knowledge of Power BI (dashboards, data source integration)
• 3+ years’ experience with enterprise infrastructure management and automation (with at least 2-3 of these: PowerShell, Python scripting, .NET scripting, M365, Azure and Power Platform technologies)
• 3+ years’ experience with Git in Azure DevOps pipelines, YAML, CRON
• 3+ years’ experience with SQL Server, SSI packages and designing table structures

• Experience with SAST, DAST, MAST, SCA tools, Aquasec, Checkmarx, related apps
• Recent relevant Financial Industry Experience supporting Security related vulnerabilities –hands on experience would be ideal

• Excellent analytical skills with superb ability to distil complex results into simple to understand findings and actionable insights the business can take.
• Great communication and triaging skills with developers and leadership teams on a regular basis (Presenting, engaging stakeholders, developers etc.)
• Ability to work well under pressure, demonstrating professionalism and experience.
• Great customer experience skills.
• Fast, adaptable learner.
• Organized, self-sufficient with a good sense of autonomy and prioritization skills.
• Must have the ability to generate reports and tailor communication strategies for various levels of technical staff and management.

• University degree or college diploma – in Systems Engineering or Computer Science
• Data analytics certifications an asset

• Ideal candidate has strong PowerBI dashboard experience, expert experience with enterprise infrastructure management and automation; candidate who is independent and requires minimal hand holding, can take initiative on deliverables, is a self-starter type and asks questions proactively

• 1 or 2-Step Process – 30-45 minutes
• 1 MS Teams Interview with Hiring Manager, with possible second follow-up interview (with Global Head)
• For the interviews – need to see portfolio of dashboards that was previously built in their roles to assess data design and analysis skills – can just present this live in the interview (no need to be sent ahead of time)*

13377

Contract

6 months

Toronto