City : TORONTO, Ontario, Canada

Category : Technology | Analytics | Research

Industry : Financial/Banking

Employer : RBC

What is the opportunity?

We’re seeking a highly technical Application Security Specialist with extensive experience in application security vulnerability assessments and remediation. You’ll be working with a skilled team of developers, security analysts and security architects to ensure security across RBC’s portfolio of applications.

The Application Security Specialist will have extensive experience in development, be comfortable articulating the principles of secure coding to the development teams and excel at identifying and remediating application vulnerabilities.

What will you do?

You will be assessing and adjudicating application security vulnerabilities, be regarded as a subject matter expert in application security and guide development teams in remediation efforts. Moreover, you will work in an Agile manner with our development teams, security architects, and risk advisors to deliver and improve processes that will ensure the governance and risk posture of our enterprise applications.

• Work with development teams to triage application vulnerabilities and determine criticality, exposure, risk and applicability.
• Provide application vulnerability remediation guidance and a leadership role in the design and execution of vulnerability assessments. Facilitate risk assessments of application vulnerabilities with the risk advisory team.
• Work with wider development, DevOps and product teams to train them on OWASP and secure coding practices and provide subject matter expertise relative to application security and secure coding patterns.
• Participate in the planning and design of enterprise applications where appropriate and the creation of enterprise application security documents.
• Maintain up-to-date detailed knowledge of the application security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Recommend additional security solutions, or enhancements to existing solutions, to improve overall enterprise application security. Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigation.
• Participate with investigations into problematic activity and validate fixes provided to mitigate existing vulnerabilities.
• Work with DevOps and other teams to implement and improve application security controls and/or processes.

What do you need to succeed?

Must have:

• Experience working within or building an application security program.
• Knowledge of common web application vulnerabilities such as XSS, CSRF, and insecure direct object references.
• Experience testing web applications for security issues and developing web applications using modern frameworks.
• The ability to educate development teams on web application vulnerabilities and work with the developers to address them.
• Excellent communication skills.

Nice-to-have: 

• Experience developing or deploying security testing tools.
• Information Security professional designations such as CISSP, CISM, CISA, Security+.

RBC is committed to supporting flexible work arrangements when and where available. Details to be discussed with Hiring Manager.

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services
• Flexible work schedules, including working from home
• Opportunities to do challenging work