Overview

Location: Canada

Date published: 31-Mar-2025

Job ID: 142457

Description and Requirements

Work Location: Hybrid
Position Type: Contract, 6 Months (potential for extension)
Location: Toronto, ON
Compensation Range: $45/hr. to $64/hr.


Our client, a multinational technology company specializing in Information Technology Services and Consulting, is looking to hire an Information Security II. 

Responsibilities: 

  • Conducts security risk assessments of applications with respect to design and implementation of system and application code.
  • Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
  • Assist in the development of threat modeling governance documentation.
  • Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
  • Develops reports for management concerning residual risk and non-compliance.
  • Monitor and track compliance with application owners to ensure implementation of security controls as planned.
  • Review issued security controls with application owners to ensure identified requirements are implemented.
  • Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
  • Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
  • Develop, maintain, update and enhance secure design patterns and secure coding standards.
  • Develop, maintain, update and enhance threat libraries.
  • Socialize secure design patterns and secure coding standards with engineering teams.
  • Assist application teams with threat modeling consultancy questions.
  • Consistently enable strong developer and customer experience when liaising with application teams.
  • Uphold Blue Box values when liaising with application teams.
  • Develop innovative attack techniques to foil protective design and in-place mitigations.
  • Participate in the development of strategies for information security processes and programs.
  • Support the investment decision process by developing business cases and cost benefit analysis.
  • Create reports and other materials to assist in prioritizing activities related to various threats to applications.

Qualifications

  • Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
  • Experience with application security controls (Web, API, Mobile, AI).
  • Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
  • Experience with Application Security design and DevSecOps.
  • Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
  • Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
  • CISSP, CISM, CSSLP, CISA, CRISC certification


All interested applicants who meet the qualifications listed above are invited to submit a resume by clicking "Apply Now".


The indicated pay range for this position is a good-faith estimate based on the qualifications necessary for the position, including experience, training, and other considerations permitted by law. Additionally, it is emphasized that the pay band mentioned herein is the one established by the client company. Factors that may be used when making an offer may include a candidate’s skills, experience and geographic location, the expected quality and quantity of work. Most candidates will start at the bottom half of the pay range, with the upper end reserved for candidates with extensive experience and skills and who live in geographic markets commanding a higher starting pay. An employee’s pay history will not be a contributing factor where prohibited by local law.

This information is subject to change and serves as a general guideline for compensation discussions. Actual offers may vary based on specific circumstances and company policies.