The client is looking for an Application Security Specialist. This is a role responsible for the design and execution of our application security program as well as the maintenance and enforcement of information security policy and strategy for the Digital organization. This role will be working closely with the Director of Digital Development, Business owners, and IT Leadership. This role will provide leadership for the security program through strong working relationships and collaboration across the entire organization.

Responsibilities:
- Develop, execute, and maintain the application security program including: threat modeling, code analysis, vulnerability assessments, security architecture reviews, and other key processes using secure coding methodologies
- Build training material and deliver to our developers on OWASP Top 10 and other relevant material to improve code hygiene
- Coach developers on secure coding best practices
- Analyze and resolve findings from vulnerability scans and penetration tests
- Use appropriate established frameworks and an approach that does not impede business or materially impact development velocity
- Develop and maintain the foundation for a sound and pragmatic security program and comprehensive GRC framework across IT, Compliance, and Risk that aligns with Nutrien's central policies, standards and culture
- Build new and maintain existing security test cases into the CI/CD process leveraging native public cloud services as well as our existing technology stack
- The ability to work in a team and work independently on complex tasks with minimal technical and management guidance is required
- Stay abreast of current technologies, developments, security compliance requirements, standards and industry trends

Qualifications:
- Bachelor's degree required; Graduate or postgraduate education preferred
- 3+ years of professional experience in implementing and managing security operations, risk management, and security program design
- Software development skills (Node.js, React, AWS infrastructure, etc.)
- Experience with AWS cloud infrastructure management
- Familiarity with key frameworks such as BSIMM
- Thorough understanding of the SDLC, penetration and vulnerability management (IAST, DAST, RAST), and code dependency validation experience
- Excellent communications and people skills to build coalitions across development and security teams
- Candidate should be able to interact with all levels of leadership
Last updated on Jul 18, 2019