Senior Application Security Engineer-DevSecOps
City : North York
Category : Full-time
Industry : Finance
Employer : Sun Life Financial
You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
Sun Life seeks a talented individual to fill the role of Senior Application Security Engineer-DevSecOps within Application Operations Services team. The ideal candidate will play a key role in implementing ‘secure by design’ methodology and application security best practices within Sun Life.
This role requires Canadian Enhanced Reliability Security clearance [a minimum of 5 years of consecutive residency in Canada].
What will you do?
- Lead the Application Security program within DevOps and help implement security tooling within CICD pipeline.
- Work with various security champions, developers, and architects across the organization to help them integrate security best practices within their SDLC.
- Create Secure coding guidelines and best practices for various languages technologies
- Conduct Threat modeling exercises and workshops for developers and security champions.
- Create metrics (KPIs and KRIs) on adoption and effectiveness of shift-left initiatives and present to higher management.
- Analyse the vulnerability data from various security tools and recommend fixes to the development teams
- Conduct penetration testing on applications before release and make sure teams are compliant with application security directive.
- Design security solutions and scripts for web/mobile infrastructure to automate repetitive tasks.
- Provide ongoing support of mobile and web application systems in production including responding to service requests, problem analysis, resolution, escalation and reporting as necessary.
What you need to succeed:
- 5 years of experience with tools such as SonarQube, WebInspect, BURP, Jfrog Xray, Sonatype, Chekmarx, CodeDx etc. is a must.
- 2 years experience DevOps processes and tools such as Jenkins, Artifactory, Bitbucket, GIT and CDD etc.
- Development experience in CICD processes, implementing security tools and gating (security gates/checks) within pipeline.
- Good understanding Akamai platform (WAF, Bot Manager etc.) is desired.
- Hands on experience coding practices for web applications (Java and .Net) and Mobile platforms (Android OS, iOS)
- Experience with various threat modelling techniques and be able to identify threats and recommend fixes.
- Experience with secure development and testing of APIs, microservices, containers and Cloud (AWS) is a big plus.
- Strong working knowledge of SPA (single page applications) and client sever model; with hands on experience in Java, J2EE, web services, and .Net technologies.
- Security certifications such as GWAPT, GWEB, CEH, CASE, CSSLP or similar preferred but not required
- Certification or working towards OWASP top 10 and SANS top 25
- Strong problem-solving, planning, organizational and consulting skills
- Ability to communicate effectively to technical and nontechnical audiences and work with business partners as well as infrastructure teams
- Comfortable presenting to senior management on status of various programs and initiatives.
- Good understanding of Agile methodology and comfortable with Scrum/Kanban and sprint ceremonies.
What’s in it for you:
- Great Place to Work® Certified in Canada and the US - 2022
- Great Place to Work® award for Best Workplaces for #HybridWork
- 2022 Named “Best Places to Work” by Glassdoor - 2021
- Canada Award for Excellence for Mental Health at Work
- 2021 Flexible hybrid work model including in-country work-from-home if you prefer.
- Pension, stock and savings programs to help build and enhance your future financial security
The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.
Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.
Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to firstname.lastname@example.org.
At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.
We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.
Salary Range:80,000/80 000 - 130,400/130 400
Job Category:IT - Application Development
Posting End Date:29/11/2022