Security Analyst - Contract

You are as unique as your background experience and point of view. Here youll be encouraged empowered and challenged to be your best self. Youll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day youll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals families and communities around the world.

Job Description

Sun Life seeks a talented individual to fill the role of Application Security Analyst within the Application Security team. The ideal candidate will play a key role in Application Security vulnerability management and security testing within Sun Life.

• The successful candidate will lead the evaluation, creation and implementation of application security tools and processes within the CI / CD pipelines globally. They will work closely with developers and other DevOps professionals to achieve a secure DevSecOps rollout across Sun Life\'s major operating geographies globally.
• Assist with running and management of application security tools such as SAST, SCA, DAST, MAST, etc. and interpret results to provide remediation direction to delivery teams.
• Review vulnerability results and provide remediation guidance to delivery teams.
• Conduct reviews on tools and provide tuning and upgrades in response to penetration test findings.
• Create metrics (KPIs and KRIs) for the vulnerability management program and present to senior management.
• Participate in crafting the Application Security and vulnerability management directives as required.
• Educate development teams on OWASP top 10 vulnerabilities for Web, Mobile, and APIs.
• Automate redundant security tasks and improve efficiencies within existing security processes.
• Provide ongoing support of mobile and web application systems in production including responding to operational requests, problem analysis, resolution, escalation and reporting as necessary.
• Create and maintain supporting documentation.

• University or College diploma in Computer Science, Engineering or equivalent.
• CISSP / CEH or cybersecurity certification.
• 2 years in IT Design / Application Design & Implementation.
• 3 years Cyber Application Security experience.
• Experience reading and understanding pen test findings.
• 1 year automating systems and designing automation.
• Knowledge of software applications (development and vendor procurement lifecycle).
• Excellent communication skills.
• Experience working in process engineering.
• Software development background (C / Java / .NET) (2 years).
• Working in an agile environment.
• Designing and implementing DevSecOps CI / CD Pipelines (1 year).
• Working and designing cloud solutions (1 year).
• Experience in managing Application Security platforms SAST / DAST / SCA / MOBILE (1 year).
• Ability to create professional Visio diagrams.
• Solid understanding of DevSecOps and Agile Security concepts.
• Programming knowledge preferred.

• Demonstrated experience leading vulnerability management and analysis.
• Hands-on experience with SAST, SCA, DAST, MAST tools and techniques.
• Strong working knowledge of Java, J2EE, web services and application integration technologies.
• Expert knowledge of OWASP Top 10 (Web, Mobile, APIs) and SANS Top 25.
• Experience with secure development and testing of APIs, microservices, containers and Cloud (AWS) is a plus.
• Self-motivated, proactive, driven and strong problem-solving skills.
• Ability to communicate effectively to technical and non-technical audiences and work with business partners as well as infrastructure teams.
• Security certifications such as GWAPT, GWEB, CEH, CSSLP or similar preferred but not required.
• RCMP Enhanced Reliability Clearance is required for this role.

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other additions to Base Pay. Eligible Sun Life employees participate in various incentive plans; payments are discretionary and subject to individual and company performance. Some sales-focused roles have sales incentive plans based on individual or group sales results.

Diversity and inclusion have always been at the core of our values at Sun Life. We welcome applications from qualified individuals from all backgrounds. Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may email a request to .

We are proud to be a hybrid organization that offers our employees the choice and flexibility to work from both the office and virtually. Several work options are available and can be discussed throughout the selection process depending on role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Salary Range: 63,000 – 104,000

Job Category: IT - Technology Services

Posting End Date: 28/08/2025

Required Experience: Key Skills

Experience: years

Vacancy: 1