DJJ-The David J Joseph Company
Grow the Core, Expand Beyond, Live Our Culture
Scrap Metal Recycling • Scrap Metal Brokerage • Finance, Sell, Buy and Lease Railcars • steel • transportation
1001 - 5000
Senior Specialist Application Security
August 13
🔄 Hybrid – Toronto
DJJ-The David J Joseph Company
Grow the Core, Expand Beyond, Live Our Culture
Scrap Metal Recycling • Scrap Metal Brokerage • Finance, Sell, Buy and Lease Railcars • steel • transportation
1001 - 5000
Description
• Implement and maintain robust application security practices within our DevSecOps framework. • Collaborate with development teams to integrate security into CI/CD pipelines. • Perform security assessments, code reviews, and help dev teams in remediation. • Conduct threat modeling for new and existing applications and systems • Develop and enforce container security policies and best practices. • Implement and manage cloud security solutions including but not limited to CASB, Microsoft Defender products, and container security measures for Docker and Kubernetes to ensure comprehensive protection of cloud data, applications, and infrastructure. • Provide security guidance and training to development and operations teams. • Stay current with emerging threats and security technologies. • Conduct research on different enterprise security solutions.
Requirements
• Post-secondary degree in Business or Technology or a related discipline. • 5+ years of experience in application security with strong understanding of application security threats, attack patterns, emerging security vulnerabilities. • Strong knowledge of common security standards and frameworks (OWASP Top 10, NIST/ CSC/ISO 27001, etc.) • Strong understanding and hands-on experience of Static Application Security Testing (SAST), secure coding practices, Open-Source Analysis, infrastructure as a code scanning. • Expertise in DevSecOps methodologies and tools with understanding of GitHub, Gitlab, Bitbucket, Artifactory, Jenkin, micro-service, etc. • Experience with threat modeling techniques and methodologies • Proficiency in container technologies (Docker, Kubernetes) and their security implications • Able to work at three levels - Strategy, design, and hands on technical. • Strong communication and influencing skills, for working cross functionally with teams. • Proficient in cloud security and industry-leading best practices for robust data protection. • Must have excellent knowledge of different areas of IT operations / processes (change mgmt., release mgmt.), and be able to define/design security processes to meet business requirements. • Preferred Certifications (any in the list): CISA/CISSP/CCSP/CISM/CIA/ CEH/SANS GIAC, CSSLP, CAS)
Apply Now
