Security Engineer

Get AI-powered advice on this job and more exclusive features.

This range is provided by New Value Solutions. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

CA $70.00/hr - CA $90.00/hr

New Value Solutions, a national IT consulting company, is seeking a Security Engineer to join a Dev Sec Ops  team focused on security in SDLC. This will involve secure design review, threat modelling, secure code reviews, penetration testing, and security controls.

• Perform threat modeling for identification and mitigation of security threats as part of product/application design and architecture.
• Perform secure code reviews, secure design reviews, and penetration (black and white box) testing for applications/products.
• Perform SCA/SAST/DAST analysis using industry tools, embed the tools and security processes into CI/CD pipelines.
• Create and maintain Azure security policy to ensure the secure deployment of cloud components/applications/platforms.
• Perform design, development, integration, and sustainment of security building blocks that provide confidentiality, integrity, availability, authentication, and non-repudiation for software products built by Dev Ops teams.
• Manage vulnerability management and risk management processes through the system development lifecycle (planning, design, development, testing, release)
• Define security controls, perform user stories for security consults for applications/product teams based on solution design and security requirements of a product.
• Support security quality and assurance of products using various security test tools.
• Perform validation and tuning of security testing tools to provide accurate and actionable results.
• Coordinate with members of a Dev Ops team to provide guidance in the development and integration of secure design practices into the product development lifecycle.
• Deliver training to Dev Ops developers on secure coding practices and hacking techniques to embed knowledge of security into the development process.
• Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the security (confidentiality, integrity and availability) of business data related to the Dev Ops development lifecycle.
• Ensure application and infrastructure architectural solutions are secure, and compliant with policies and standards.
• Perform security monitoring of solutions through the development lifecycle and participate as a subject matter expert in security incident response scenarios.
• Cross train with other specialists, and coach team members and other employees.

• 6+ years of experience in progressively complex Security Engineer roles.
• Professional certification such as CISSP, CEH, or equivalent.
• Deep expertise in:
• Threat modeling
• Secure code and design reviews
• Penetration testing for web applications
• Security controls across the application stack
• SCA (Software Composition Analysis), SAST, and DAST tools
• Knowledge of AI technologies security design and controls.
• Undergraduate degree in Computer Science or STEM field.

If you have the necessary expertise and are able to work in Canada, please submit your resume. While we thank all candidates in advance for their application, only those shortlisted will be contacted.