Cloud Security Engineer x2

Location: Hybrid - Toronto; open to fully remote candidates

Contract Duration: 6 months

Possibility of extension & conversion to FTE

Number of Positions: 2

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week

Reason: Additional Workload

Business group: Application Security – team is enterprise app sec team responsible for reviewing the security scan results and ensure that applications developed are promoted to production without critical high vulnerabilities

Project: With the progressing of Cloud Acceleration Program, the position is required to observe the increasing demand to support the CNAPP DevSecOps Gating operation for current state, and support the standardization and automation of DevSecOps gating for all CNAPP capabilities

We are seeking 2 Cloud Security Engineers to join our Application Security Operations team. This is more of an operations role than some of the others released in this program, triaging tickets and supporting the releases.

The successful candidate will be instrumental in delivering the next generation security capability through a large-scale transformation effort at the Bank; exposure to cutting edge cloud technologies, working on a high visibility project for a top 5 Canadian Bank.

• Contribute to the success of our cloud transformation by supporting the Review and Triage of the findings flagged by CNAPP
• Manage the Exception/Exemption requests
• Support the Design and Implementation of the DevSecOps gating focusing on automation
• Develop and/or enhance strategies and processes to manage the security vulnerabilities and threats for cloud native applications
• Adhere to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate identified risks
• Develop and/or enhance the strategies and processes to identify, analyze, and communicate cloud workload vulnerabilities as per the CISO Directives, technical standards and published communication process flows
• Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives

1. 10+ years’ relevant working experience in IT (cloud security, application security, etc.)
2. 5+ years’ experience as an application security analyst, with demonstrated experience in security integration, automation of security processes, risk and vulnerability assessment and mitigation (OWASP, CVE)
3. 3+ years’ experience with Cloud Security domains like CNAPP, CWPP, CSPM and/or tools like SCCE, CrowdStrike, Prisma Cloud, Aqua Enterprise, MS Defender etc.

1. 5+ years’ experience with popular CI/CD tools and processes like BitBucket/GitHub, Jfrog Artifactory, Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
2. 3+ years’ experience with large organization cloud transformation

• Excellent communication skills and good support skills for triaging and analysis of issues for all development teams
• Proficient at collaborating with various stakeholders to achieve the objectives assigned

• Undergrad or equivalent experience – valuing work experience more
• GCP PCSE Certification preferred

Strong background in application security; hands-on work experience with CNAPP (Cloud Native Application Protection Platforms space and have strong Cybersecurity and Cloud security knowledge and skills. In addition, you have strong communication and stakeholder engagement skills, allowing you to understand and implement CNAPP solutions and apply best practices.

• 1 round – remote – MS Teams Video Conference Call
• Interview with HM and one or two Senior Lead – 1 hour – technical interview focusing on CNAPP product/solution integration within the SDLC and vulnerability assessment knowledge and skills

ASAP