Application Security Specialist - Ruby Life Inc. Toronto, ON, Canada Bookmark Share Print 338 0 5

Listing Description

Do you thrive in a fast-paced, challenging, and dynamic work environment? Are you passionate about making, breaking, and fixing code? Do you welcome the opportunity to work amongst an elite team using the most advanced technology to prevent, detect, and eradicate security threats? If so, you might have what we’re looking for.

Reporting to the Chief Information Security Officer, the Application Security Specialist will be responsible for securing ruby by ensuring the ongoing development and continuous testing of secure customer-facing products.

The ideal candidate is results-oriented and is comfortable working in a collaborative role with multiple application development and operations teams. He or she is also comfortable working in a fast-paced, high visibility environment, has good communication skills, takes direction, can work independently, and has an outgoing team-player attitude.

- Bachelor’s degree in Computer Science, Computer Engineering or related field, or 6+ years of relevant work experience.

- 3+ years of direct experience and involvement with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role)

- 3+ years of experience with penetration testing and application security. Experience specifically requires hands-on knowledge and ability to manually find vulnerabilities as opposed to simply leveraging existing tools.

- You should have strong skills in some of the following areas:

- Web application development and deployment

- Mobile development (Android, iOS, etc.)

- Debugging and disassembly

- Operating system internals (Linux, Windows, etc.)

- Strong experience and detailed technical knowledge in security engineering; operating system, application and network security; authentication and security protocols, cryptography, public-key infrastructure.

- Experience with service-oriented architecture and web services security.

- Development experience in Java, Ruby and/or Go (at least one of the two is required) and scripting skills.

- Strong understanding of application security assessment tools (e.g. AppSpider, Acunetix, Veracode, ZAP, Burp Suite)

- Experience with the application of threat modeling or other risk identification techniques.

- Technical and operational knowledge of the tools, tactics, and procedures used by advanced threat actors.

- Demonstrated ability to make decisions on remediation and counter measures for challenging information security threats.

- Excellent oral and written communication skills.

It would be awesome if you have:

- Discovered CVEs.

- Experience building automation to uncover vulnerabilities and weaknesses in systems and networks.

- Experience applying threat modelling and penetration testing to complex, distributed software in a microservices architecture.

Formal qualifications are nice to have, but not necessary. Many of us are self-taught. What we all share in common is passion, skill and a willingness to learn.

Here’s what we provide:

- An aggressive compensation package

- We are conveniently located just steps from the TTC subway

- The opportunity to work with brilliant people in an entrepreneurial, forward thinking environment

- Friday mixer every week

- Company-provided lunch every 2 weeks and breakfast every Friday

- Incredible social eventsCollaboratively work alongside ruby’s application development and operations teams to help build security into their designs and development techniques from the ground up.

Conduct security reviews of new features. Provide expertise to development teams in the application of processes related to security design (e.g. threat modeling)

Provide automated security scanning, manual analysis, and triaging service using both source code analysis and dynamic analysis tools.

Assess, document, and prioritize security vulnerabilities identified in applications, including both design flaws and coding bugs, and provide expert-level technical consultation to stakeholders for making informed risk decisions.

Provide internal training and awareness to ruby’s application development and operations teams, including demonstrating attack techniques and secure coding practices.

Monitor security analytics and investigate anomalies.

Participate in the development of hardware/software/network security procedures and guidelines that support information security policies.

Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and security assessment techniques.