Informatics security analyst

Job Title

App Sec and CNAPP Operation Specialist

Scotiabank

Requisition

Location:

Toronto, ON

Work location:

On site

Salary: $30.00 to $72.12 per hour

Terms of employment:
Permanent, Full time

Starts as soon as possible

No. of vacancies: 1

Source:
Career Beacon

• Collaborate with stakeholders across the Bank: work closely with development and engineering, Dev Ops, cloud, application security and other application owner teams across the organization to deliver Cloud and Application Security capabilities.
• Contribute to the success of our cloud transformation by supporting the Review and Triage of the findings flagged by App Sec and CNAPP.
• Recommend, design, assess, implement, deploy and maintain App Sec and CNAPP controls required to protect Scotiabank and its customers.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Understand how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Support the Senior Lead, Senior Manager, Director, CIO and CISO in achieving enterprise security strategic goals through various processes.
• Develop and/or enhance the strategies and processes to identify, analyze, and communicate App Sec and CNAPP vulnerabilities as per the CISO Directives, technical standards and published communication process flows.
• Develop and/or enhance strategies and processes to manage the security vulnerabilities and threats for cloud native applications.
• Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives.

• 7+ years' relevant working experience in IT (cloud security, application security, etc.).
• 5+ years' experience with documenting process, procedure, and user guide.
• 3+ years' experience practicing application security (SAST, DAST, SCA, MAST) throughout the Secure Software Development Lifecycle (SSDLC), with demonstrated experience in vulnerability assessment, security integration, automation of security processes, risk assessment and mitigation.
• 2+ years' experience with Cloud Security domains like CNAPP, CWPP, CSPM and/or tools like SCCE, Crowd Strike, Prisma Cloud, Aqua Enterprise, MS Defender etc.
• 2+ years' experience with popular CI/CD tools and processes like Bit Bucket/Git Hub, Jfrog Artifactory, Jenkins, Azure Dev Ops, Git Lab CI/CD, Circle
  
  CI.
• Excellent communication skills and good support skills for triaging and analysis of issues for all development teams.
• Proficient at collaborating with various stakeholders to achieve the objectives assigned.
• Undergrad or equivalent experience.

Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias‑free practices.