Senior Specialist, Application Security

CMHC - SCHL

Montreal

On-site

CAD 101,000 - 128,000

Full time

22 days ago

Job summary

Join a leading company in the heart of Montreal as a Senior Specialist in Application Security, where you will implement and operationalize IT Cybersecurity strategies. You will work closely with teams to ensure adherence to security standards, safeguarding the organization's IT environment while mentoring others. This role requires a strong background in application security, DevSecOps, and secure software development, making it an exciting opportunity to make a significant impact in a meaningful field.

Benefits

Annual paid vacation
Annual individual performance incentive
Comprehensive group insurance plan
Support towards personal and professional growth
Inclusive workplace culture

Qualifications

  • 8+ years of experience in application security and secure software development.
  • Expertise in security tools like GitHub Advanced Security and Veracode.
  • Strong knowledge of cloud security best practices.

Responsibilities

  • Advise on IT projects, ensuring compliance with security requirements.
  • Define and enforce secure coding standards.
  • Provide expert-level advice to guide the management of IT Cybersecurity risks.

Skills

Application security
DevSecOps
Secure software development
API security
Communication
Interpersonal skills
Risk assessment

Education

Undergraduate degree in Cyber Security, Computer Security, Information Systems Security or related field

Tools

SAST tools
DAST tools
SCA tools
Container security tools

Job description

Travel Requirement: Limited

Language Skill Levels (Read / Write / Speak): ZZZ

Security Requirement: Secret

Salary: Our salaries generally range from $101639.3 to $127049.13 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here are the comprehensive and generous benefits you get when you’re a permanent employee:

  • Annual paid vacation.
  • Annual individual performance incentive.
  • Comprehensive group insurance plan to support your well-being from day one.
  • Support towards your personal and professional growth with training, mentorship and more.
  • An inclusive workplace culture and environment.

About the role

Join the Technology and Business Transformation sector in the Senior Specialist, Application Security position.

This role is responsible for implementing, operationalizing, and executing the strategy for IT Cybersecurity Risk Management in line with the objectives of the cybersecurity program and CMHC’s requirements, safeguarding the interests of CMHC’s IT security environment.

The Cybersecurity Strategy and Advisory team’s focus is on:

  • Ensuring the organization's adherence to security requirements.
  • Advising on secure system design and enterprise architecture.
  • Providing security guidance for cloud migrations, DevOps and different IT initiatives.

Together, they develop and implement cyber strategies and a robust control framework to manage cloud security and emerging risks across the organization.

What you’ll do:

  • Advise on all IT-related projects to ensure they do not introduce additional risks to the organization and comply with security requirements.
  • Identify and facilitate the implementation of appropriate controls to effectively manage information risks. Provide complex consultative advice to relevant stakeholders (such as Enterprise Architecture, DevOps, Audit and Compliance, etc.).
  • Define and enforce secure coding standards (OWASP Top 10, SANS Top 25, NIST).
  • Implement Security-as-Code, integrating SAST, DAST, SCA, and container security scanning into CI/CD pipelines.
  • Establish application security guidelines for authentication, authorization, and API security.
  • Act as a senior subject matter expert in projects and collaborate with cross-functional teams to integrate security measures and promote adherence to cybersecurity best practices.
  • Provide expert-level advice to leadership to guide and influence the management of IT Cybersecurity risks across the corporation.
  • Act as an ambassador, and share your knowledge with colleagues and interested parties.
  • Support the overall IT Cybersecurity Program and CMHC Corporate Strategy.
  • Identify and support the development and evolution of the information Cybersecurity program.

What you should have:

  • An undergraduate degree in a related field such as Cyber Security, Computer Security, Information Systems Security or Computer Science.
  • 8+ years of experience in application security, DevSecOps, and secure software development.
  • Expertise in SAST, DAST, SCA, and container security tools (GitHub Advanced Security, Veracode, OWASP ZAP, etc.).
  • A strong knowledge of API security (OAuth, JWT, WAF policies, etc.).
  • Experience in development and integrating security into engineering workflows.
  • Familiarity with secrets management tools (Azure Key Vault, CyberArk).
  • Strong understanding of cloud security best practices (mainly Azure).
  • Experience with CI/CD security integration (Azure DevOps, GitHub Actions).
  • Experience and/or knowledge of recognized standards and risk frameworks (e.g., NIST CSF, ISO 27000, ITSG-33, etc.).
  • Strong communication (written and verbal) and interpersonal skills, including the ability to negotiate, influence and challenge various audiences.
  • Experience in writing complex cybersecurity risk analysis/risk assessment reports for a variety of audiences (technical and non-technical).

It would be nice to have one or more of the following:

  • A professional designation; we would prefer Certified Information Systems Security Professional (CISSP), Azure security certifications, or other relevant cloud or security licence, designation, or certificate.
  • Experience with Threat Modeling and risk assessment.
  • Familiarity with policy-as-code (OPA, Sentinel) for compliance enforcement.
  • Leadership experience mentoring developers and integrating security into engineering workflows.
  • A knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc.
  • Bilingualism (English and French).
  • A background in AI security risks.
  • Knowledge of chaos security testing and runtime security monitoring.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion

What happens after you apply

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful, don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!
