City : North York

Category : Full-time

Industry : Finance

Employer : Sun Life Financial

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Mandatory Requirement

This role requires Canadian Enhanced Reliability Security clearance [a minimum of 5 years of consecutive residency in Canada].

You are as unique as your background, experience and point of view. Here, you’ll be encouraged and empowered to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you.

We will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our clients - who are at the heart of everything we do.

Discover how you can make a difference in the lives of individuals, families and communities around the world.

Join Sun Life in implementing a global application security strategy as a Senior Information Security Analyst.

What will you do?

• Assist with running an management of application security tools such as SAST,SCA & DAST etc.
• Conduct reviews on tools and provide the relevant tuning and upgrades with respect to penetration test findings.
• Create metrics (KPI and KRIs) for Application Security Program and present to senior management.
• Participate in crafting the Application Security and vulnerability management directives as required.
• Educate development teams on OWASP top 10 vulnerabilities for Web, Mobile and APIs.
• Automate redundant security tasks and bring in efficiencies within existing security processes.
• Provide ongoing support of mobile and web application systems in production including responding to operational requests, problem analysis, resolution, escalation, and reporting as necessary.
• Create and maintain supporting documentation.

What do you need to succeed:

• Experience in conducting security code reviews across a range of programming languages, including Python, Java, Go, C#, JavaScript, and C/C++.
• Software engineering experience (outside of security)
• Proficiency in working with different web application frameworks.
• The ability to identify and categorize vulnerabilities.
• Previous hands-on experience with Static Application Security Testing (SAST), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) tools.
• Familiarity with concepts like Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Vulnerability Scoring System (CVSS).
• Experience level desired would be 3-6 years.
• Experience with secure development and testing of APIs, microservices, containers and Cloud (AWS) is a big plus.
• Security certifications such as GWAPT, GWEB, CEH, CASE, CSSLP or similar preferred
• Knowledge in OWASP Top 10 / Sans Top 25

Preferred skills

• Demonstrated experience leading vulnerability management and analysis
• Good understanding of Agile methodology and comfortable with Scrum/Kanban and sprint ceremonies.
• Self-motivated, proactive, and strong problem-solving skills.
• Ability to communicate effectively to technical and nontechnical audiences and work with business partners as well as infrastructure teams.

What’s in it for you:

• Great Place to Work® Certified in Canada and the US - 2022
• Great Place to Work® award for Best Workplaces for #HybridWork
• 2022 Named “Best Places to Work” by Glassdoor - 2021
• Canada Award for Excellence for Mental Health at Work 
• 2021 Flexible hybrid work model including in-country work-from-home if you prefer.
• Pension, stock and savings programs to help build and enhance your future financial security.

#LI-Hybrid #LI-remote

The Base Pay range is for the primary location for which the job is posted.  It may vary depending on the work location of the successful candidate or other factors.  In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance.  Certain sales focused roles have sales incentive plans based on individual or group sales results. 

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to thebrightside@sunlife.com.

At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Salary Range:

Job Category:

Posting End Date: