Application Security Architect
- Software Developer
- Full time
- Toronto, Canada
- Design, build and implement enterprise-class security systems for a production environment
- Align standards, frameworks and security with overall business and technology strategy
- Create solutions that balance business requirements with information and cyber security threats
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Become an expert in the XBL software stack to understand points of weakness and opportunities for application security solutions.
- Engineer and maintain application security tools and services to ensure quality within XBL’s SDLC.
- Enable automated security testing at scale to measure vulnerability density across XBL applications.
- Collaborate with internal partners on addressing systemic security issues.
- Participate in security reviews to ensure timely evaluation per risk-based approaches.
- Evangelize security within the development organization through awareness proliferation activities such as mentoring, engineer onboarding training, Security Champ collaboration, and development and procurement of security-related events such as Capture the Flag competitions and Red Team activities.
- Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on their success.
- Assist in the evaluation, selection, onboarding and management of XBL vendors and consultants.
- Commit to and develop XBL testing / unit testing requirements for security features and functions.
- 5+ years in the field of software security.
- 5+ years software engineering experience.
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.).
- Knowledgeable regarding browser security controls (CSP, XFO, HSTS, etc.), OWASP Top 10, and authentication infrastructure (SAML, OAuth).
- Knowledgeable regarding back-end security topics such as secret management and service authentication.
- Comfortable dealing with ambiguity and conflicting priorities.
- Strong ethics and understanding of ethics in information security.
- Good project management skills.
- Superb communication skills.
- B.S. Computer Science or similar combination of education and experience.
- Ability to write complex software in multiple languages.
- Experience leading secure software development classes.
- Have written your own security tools.
- Presentation experience.
- Experience using JIRA.