Security Engineer
Description:
New Value Solutions, a national IT consulting company, is seeking a Security Engineer to join a DevSecOps team focused on security in SDLC. This will involve secure design review, threat modelling, secure code reviews, penetration testing, and security controls.
Responsibilities:
Perform threat modeling for identification and mitigation of security threats as part of product/application design and architecture.
Perform secure code reviews, secure design reviews, and penetration (black and white box) testing for applications/products.
Perform SCA/SAST/DAST analysis using industry tools, Embed the tools and security processes into CI/CD pipelines.
Create and maintain Azure security policy to ensure the secure deployment of cloud components/applications/platforms.
Perform design, development, integration, and sustainment of security building blocks that provide confidentiality, integrity, availability, authentication, and non-repudiation for software products built by DevOps teams.
Manage vulnerability management and risk management processes through the system development lifecycle (planning, design, development, testing, release)
Define the security controls, performs user stories for security consults for applications/product teams based on solution design and security requirements of a product.
Support security quality and assurance of products using various security test tools.
Perform validation and tuning of security testing tools to provide accurate and actionable results.
Coordinate with members of a DevOps team to provide guidance in the development and integration of secure design practices into the product development lifecycle.
Deliver training to DevOps developers on secure coding practices and hacking techniques to embed knowledge of security into the development process.
Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the security (confidentiality, integrity and availability) of business data related to the DevOps development lifecycle.
Ensure application and infrastructure architectural solutions are secure, and compliant with policies and standards.
Perform security monitoring of solutions through the development lifecycle and participate as a subject matter expert in security incident response scenarios
Cross train with other specialists, and coaching team members and other employees
Requirements:
6+ years of experience in progressively complex Security Engineer roles.
Professional certification such as CISSP, CEH, or equivalent.
Knowledge of AI technologies security design and controls.
Undergraduate degree in Computer Science or STEM field.
Deep expertise in:
Threat modeling
Secure code and design reviews
Penetration testing for web applications
Security controls across the application stack
SCA (Software Composition Analysis), SAST, and DAST tools
If you have the necessary expertise and are able to work in Canada, please submit your resume. While we thank all candidates in advance for their application, only those shortlisted will be contacted.
ID#5055
The hourly rate range for this position is $80 - $110, with the final rate based on consultant experience and fit for the role.