Software Engineer – Application Security

• Business group: Application Security – deploying application security vulnerability testing tools used by the Bank for vulnerability testing; currently doing a lot of modernization projects updating portfolio for statis dynamic and mobile testing
• Project: Resource will be playing a key role in deploying components of the strategic solution for Application Security space and providing integration support – may work on several initiatives – project is in development stage (have gone through ideation and high level design) going into detail deployment and development

• The successful candidate will have the opportunity to work with cutting-edge security vulnerability testing tools and implement and define best practices in delivering enterprise scale solutions, opportunity to work with senior/international stakeholders, for a top 5 Canadian Bank.

• Solution Integration: Design and implement integrations between SaaS vendor and bank infrastructure to enable single sign-on, least-privilege access, as well as logging and auditing requirements.
• Continuous Integration/Continuous Deployment (CI/CD): Support the integration of CI/CD pipelines to the SaaS vendor solution.
• Monitoring and Logging: Set up and manage monitoring, logging, and alerting systems using Dynatrace, Zabbix or other automated tool stacks.
• Cloud Management: Be able to assess and implement best practices when configuring cloud SaaS solutions.
• Collaboration: Work closely with development, operations, and security teams to identify and resolve issues, complete threat risk assessments, and improve existing processes.
• Security: Implement security best practices and ensure compliance with industry standards to protect the integrity and confidentiality of our systems and data.
• Performance Optimization: Analyze system performance and implement improvements to enhance efficiency, reduce latency, and optimize resource usage.
• Disaster Recovery: Design and implement disaster recovery plans to ensure business continuity and data integrity in case of system failures or other unforeseen events.

• 10+ years of enterprise IT experience
• 5+ years’ experience as a Software / Security / Integration / DevOps Engineer
• Expert level development experience with either: Python(1st), Java(2nd), Bash(3rd) – (please list which) – can mentor, do code reviews, speak to best practices, etc.
• 5+ years Agile and SDLC experience
• Experience with CI/CD pipelines and automation (e.g. Jenkins)

• Cloud solution and containerization deployment experience – GCP(1st), AWS(2nd), Azure(3rd),
• Experience with security testing tools (SAST, SCA, DAST)
• Experience/knowledge of security best practices around connectivity (MTLS, SAML, OAuth Client and Credentials IP Allow Listing)
• Cybersecurity experience
• Experience from large highly matrixed enterprise organizations

• Strong analytical and problem-solving skills with the ability to devise innovative solutions to complex technical challenges.
• Strong communication skills– written & oral
• Strong collaborator, team player

• Bachelors in technical field (computer science)

• Someone who can work independently with stakeholders to implement solution from design, constantly able to update design – Crucial: taking initiative, strong problem solver and is a strategic thinker and can identify solution; experience using vulnerability and security testing tools to help with understanding of software composition (SAST, SCA, DAST), best will have used the tools themselves and have an understanding of how they work, strong independent developer, with programming and automation expertise

• What they are looking for: Experience in executing tasks, programming a function, leading a team – what was missing from Engineering standpoint in unsuccessful interviews were strong problem skills and ability to communicate, how they addressed certain challenges and describe why’s and how’s of it as there is a lot of problem solving and decision making – crucial to understand technologies and processes enough to explain why and how they have addressed certain problems
• Didn’t have cybersecurity or enterprise application deployment experience
• HM team asks what are your three best practices for cloud deployments, what is a complex problem you encountered on a project and how did you go about solving it
• Profiles of current Engineers on team / successful profiles: larger enterprise experience is successful – out of country enterprise tend to be smaller; banks, IBMs, large government enterprises – being able to prioritize and troubleshoot how to meet all requirements
• Diversity of profiles would be great to see

• 2-3 Rounds – MS Teams Video Interviews – all panels:
o 1st – 30 minutes– panel of project team members (senior technical lead, technical resources) – probing on technical expertise and project experience
o 2nd – 45 minutes – follow-up interview with HM (could include project managers/management) culture fit component
o Potential – 3rd if needed to decide between candidates
• Hiring Manager’s availability to interview: ASAP – HM away until May 21st but has backup in place for shortlist review and 1st rounds

13216

Contract

6 months

Toronto