Application Security Analyst (DevSecOps) — Remote
Advance your career in the insurance industry by contributing to secure, innovative digital solutions. Work in a collaborative environment, leverage modern application security practices, and help strengthen the protection of business-critical systems while expanding your technical expertise.
What is in it for you:
• Salaried: $30-37 per hour.
• Incorporated Business Rate: $40-44 per hour.
• 8-month contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Monday to Friday, 9:00 am. to 5:00 pm.
• Enjoy the flexibility of remote work.
• On-site 1–2 times per quarter.
Responsibilities:
• Assist with the operation and management of application security tools, including SAST, SCA, MAST, and DAST.
• Review vulnerability assessment results and provide remediation guidance to delivery teams.
• Conduct reviews of application security tools and perform tuning and upgrades based on penetration testing findings.
• Create key performance indicators (KPIs) and key risk indicators (KRIs) for the vulnerability management program and present results to senior management.
• Participate in the development of application security and vulnerability management directives.
• Educate development teams on the OWASP Top 10 vulnerabilities for web, mobile, and API applications.
• Automate repetitive security tasks to improve the efficiency of existing security processes.
• Provide ongoing production support for web and mobile application systems, including operational requests, problem analysis, resolution, escalation, and reporting.
• Create and maintain supporting documentation.
What you will need to succeed:
• University or college diploma in Computer Science, Engineering, or an equivalent discipline.
• CISSP, CEH, or another cybersecurity certification.
• 2 years of experience in IT design, application design, and implementation.
• 3 years of experience in cyber application security.
• 1 year of experience designing automation and automating systems.
• 2 years of software development experience using C++, Java, or .NET.
• 1 year of experience managing application security platforms, including SAST, DAST, SCA, and mobile security tools.
• Solid understanding of DevSecOps and Agile security concepts.
• Hands-on experience with SAST, SCA, DAST, and MAST tools and techniques.
• Expert knowledge of the OWASP Top 10 for web, mobile, and APIs, as well as the SANS Top 25.
• Demonstrated experience leading vulnerability management and analysis.
• Experience working in an Agile environment.
• Ability to communicate effectively with both technical and non-technical audiences and collaborate with business partners and infrastructure teams.
• Self-motivated, proactive, and driven with strong problem-solving abilities.
• Ability to create professional Visio diagrams.
• Security certifications such as GWAPT, GWEB, CASE, or CSSLP are considered an asset.
• Experience interpreting penetration testing findings is considered an asset.
• Programming knowledge is considered an asset.
• Experience with secure development and testing of APIs, microservices, containers, and AWS cloud environments is considered an asset.
• Knowledge of software development and vendor procurement life cycles is considered an asset.
• Experience designing and implementing DevSecOps CI/CD pipelines is considered an asset.
• Experience in process engineering is considered an asset.
• Strong working knowledge of Java, J2EE, web services, and application integration technologies is considered an asset.
• Experience designing and implementing cloud solutions is considered an asset.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.