Security Analyst

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Sun Life seeks a talented individual to fill the role of Application Security Analyst within Application Security team. The ideal candidate will play a key role in Application Security, Vulnerability management, and security testing within Sun Life.

• The successful candidate will play a critical role in Sun Life to advance DevSecOps. In this position the incumbent will lead the evaluation, creations and implementation of application security tools, processes within the CI/CD Pipeline's globally. The successful candidate must not only understand the cyber security issues associated with application design and implementation but also must be willing to embrace a development attitude as they will be working closely alongside developers and other DevOps professionals to achieve a secure role out of DevSecOps across Sun Life's major operating geographies globally.

Preferred skills

• Demonstrated experience leading vulnerability management and analysis.
• Hands on experience with SAST, SCA, DAST, MAST tools and techniques
• Strong working knowledge of Java, J2EE,web services and application integration technologies
• Expert knowledge of OWASP top 10 (Web, Mobile, APIs) and SANS top 25
• Experience with secure development and testing of APIs, microservices, containers and Cloud (AWS) is a big plus.
• Self-motivated, proactive, driven and strong problem-solving skills.
• Ability to communicate effectively to technical and nontechnical audiences and work with business partners as well as infrastructure teams
• Security certifications such as GWAPT, GWEB, CEH, CASE, CSSLP or similar preferred but not required.
• RCMP Enhanced Reliability Clearance is required for this role

Qualifications

• University or College diploma in Computer Science, engineering or equivalent.
• CISSP/CEH or cyber security certification
• 2+ yrs in IT Design/Application Design & Implementation
• 3+ yrs Cyber Application Security experience
• Experience reading and understanding Pen test findings.
• Knowledge of software applications both development and the vendor procurement life cycle.
• Experience working in process engineering
• Software development background (C++/Java/.NET) (2+ yrs)
• Working in agile environment.
• Designing and implementing DevSecOps CI/CD Pipelines (1+yrs)
• Working and designing cloud solutions (1+ yrs)
• Experience in managing Application Security platforms SAST/DAST/SCA/MOBILE (1+yrs)
• Ability to create professional looking Visio diagrams
• Solid understanding of DevSecOps and Agile Security concepts.
• Programming knowledge preferred

Responsibilities

• Assist with running an management of application security tools such as SAST, SCA, MAST, DAST, etc.
• Review vulnerability results and provide remediation direction to delivery teams teams
• Conduct reviews on tools and provide the relevant tuning and upgrades with respect to penetration test findings.
• Create metrics (KPI and KRIs) for vulnerability management program and present to senior management.
• Participate in crafting the Application Security and vulnerability management directives as required.
• Educate development teams on OWASP top 10 vulnerabilities for Web, Mobile and APIs.
• Automate redundant security tasks and bring in efficiencies within existing security processes.
• Provide ongoing support of mobile and web application systems in production including responding to operational requests,problem analysis, resolution, escalation, and reporting as necessary
• Create and maintain supporting documentation

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our Clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process, or those needing job postings in an alternative format, may e-mail a request to thebrightside@sunlife.com .

We are proud to be a hybrid organization that offers our employees the choice and flexibility to work from both the office and virtually based on the needs of the business, our Clients and you! Several work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

At Sun Life, you can be your most brilliant self. Our supportive, flexible, and inclusive work environment is one where you – and your career – can thrive. Whatever your aspirations, collaborative leaders and colleagues are ready to help you learn, grow, and succeed.

We’re a global company with a passion for people. Our purpose is to help Clients achieve lifetime financial security and live healthier lives. As a team of 30,000 across 26 countries, our impact is far-reaching, and locally relevant There’s power in numbers. As part of Sun Life’s growing team, you have an impact on people in your community and around the world.

Shape the future

With an optimistic eye on a brighter future, we drive to innovate. Be part of leading change, push boundaries and try new ways of working. Use data to drive bold actions. Be agile and pivot as we test and learn. At Sun Life, we’re driving transformation, sustainability and innovation for our Clients, employees, partners, and communities. Join us. Together, we can make the future brighter.