Security Architect

Reference No.

2183

Description

As the owner of the information security program you will:

Lead the Product Security team in setting the cyber security vision and roadmap

Collaborate with various product Centers of Excellence and Lead Architects to establish and enforce proper implementation of cyber security in the software architectures of our products, including ensuring that security standards are properly addressed and developing risk mitigation plans

Improve and maintain secure development standards and manage application security framework improvement projects

Integrate security tools, standards and processes into the Software Development Life Cycle

Mentor and coach architects, developers and cyber security engineers, providing technical leadership, guidance and assistance to development teams in implementation of cyber security strategies and designs

Support the incident response and architecture review processes whenever application security expertise is needed

Periodically assess all security monitoring requirements, including reviews of customer-initiated security, penetration, and vulnerability assessments, and implement enhancements to meet changing business needs

Positively influence the behavior of peers and build relationships with other teams

Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities

Produce metrics that report the state of information security programs and performance of development teams against requirements

Support Vendor Security activities to ensure 3rd-party software and development meets security standards

Qualifications

Bachelor's degree in cyber security, computer science, or equivalent degree program

An in-depth understanding of OWASP Top 10 is required

10 years of experience in engineering development / technology, of which 5 years must be in cyber security

2 years of working knowledge of cyber security standards and best practices (NIST, ISA, IEC, BSIMM, etc.)

Experience in cyber threat and vulnerability analysis and remediation

Contemporary knowledge of secure coding practices, encryption technologies, ethical hacking and threat modeling

Experience with Mobile, Web, Java, and .NET development

Familiarity with agile development processes and experience integrating secure development practices

Desirable Skills

Information security certifications: GSSP-.NET, GSSP-Java, CISSP, OSCP, CISM, CRISC, CEH, CSSLP, etc.

Experience with ISO27001, GDPR / Privacy

Experience and knowledge of security testing and evaluation and penetration testing methodologies and tools, such as: SonarQube, Veracode, Fortify SCA, Fortify

Strong ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques

Experience promoting Continuous Delivery and a DevSecOps pipeline

Location

Mississauga, Ontario

Salary

100,000 - 130,000