Application Security Specialist

Location: Vancouver, BC
Date Posted: 01-25-2018
On behalf of our client, Affinity Staffing is seeking an Application Security Specialist who has extensive experience in full stack Java development, is comfortable articulating the principles of secure coding to the Development and Technology teams within our client, and enjoys identifying and remediating application vulnerabilities for breakfast. The ideal candidate is expected to improve the security posture of our client’s application portfolio not only through the direct application of their skills in the areas of threat modelling, secure coding methodology and application vulnerability testing, but also by educating others to build our Information Security capabilities across the organisation.
 
The ability to adapt to a varied audience and work well with others is a key component in this role, as project teams will rely on the resource’s experience and analytical skills to effectively identify and prioritize threats and to both suggest and coach the development of effective controls. In order to effectively report and assess security capabilities, the ideal candidate will be responsible for maintaining and growing the penetration and application vulnerability testing program. They should be familiar with commercial off-the-shelf testing tools such as vulnerability scanners and intercepting proxies, and be capable of writing exploits using a language of their choosing.
 
Additional responsibilities may include involvement in the implementation of new security solutions, leading in the creation of security architecture documentation and/or maintenance of policies, standards, baselines, and guidelines. 
 
Responsibilities Include
 
Strategy & Planning
Facilitate Threat Modelling and Risk assessments at both a product and project level
Participate in the planning and design of enterprise security architecture, under the direction of the Information Security Manager, where appropriate.
Participate in the creation of enterprise security documents (architecture blueprints, policies, standards, baselines, guidelines and procedures) under the direction of the Information Security Manager, where appropriate.
Provide oversight and contribute to the design and deployment of application solutions to ensure they are carried out following industry standard best practices.
 
Acquisition & Deployment
Maintain up-to-date detailed knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
Develop secure testing strategies for new application deployments.
 
Operational Management
Participate in investigations into problematic activity, triage vulnerable application components and validate fixes provided to mitigate existing vulnerabilities.
Provide a leadership role in the design and execution of vulnerability assessments and penetration tests.
 
Qualifications
 
Formal Education & Certification
University degree and 7 years of Information Technology-related work experience, ideally with 5 or more years spent working in a web application development function and 2 or more years working on application security.
One or more of the following certifications is preferred:
(ISC)2 - CISSP, or CSSLP
GIAC - GSEC, GCIH, GCIA, GCFE, GWAPT or GPEN
OSCP, OSWP
 
Knowledge & Experience
Experience with threat modelling techniques such as STRIDE.
Experience with Java development including secure coding practices and building exploits to target weak code.
Experience deploying and supporting complex web application environments.
Experience with Web Application Security Testing.
Experience developing applications in the financial services environment.
Experience with two or more of the following scripting languages: Perl, Python, Ruby, Bash and PowerShell.
Detailed understanding of OWASP Top 10 and SANS Top 25.
Strong understanding of IP, TCP/IP, and other network administration protocols.
Strong understanding of Windows, Linux, and Mac operating systems.
Familiarity with incident management, issue tracking systems, and ISO 27001.
 
Personal Attributes
Proven analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Good written, oral, and interpersonal communication skills.
Ability to conduct research into information security issues and products as required.
Ability to present ideas in a business-friendly and user-friendly manner.
Highly self-motivated and directed.
Keen attention to detail.
Team-oriented and skilled in working within a collaborative environment.
 
Work Conditions
35-hour on-site work week with on-call availability as occasion requires.
Some occasional travel may be required.
Sitting for extended periods of time.
Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, and other computer components.
 
Additional Information
As much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.
 
 About Affinity Staffing: 
Affinity Staffing is a full-service Information Technology agency that takes a unique approach to recruiting. We believe recruiting is about creating long-term relationships that foster a mutually beneficial partnership - an affinity. We bring a new style of recruiting founded on four core principles: Transparency, Flexibility, Efficiency and Agility.
 
For more information on Affinity Staffing, please visit www.affinitystaffing.ca
 