Technology Specialist Information Security
Technology Specialist Information Security
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Position Title: Technology Specialist Information Security
Reports To:Senior Technology Manager Information Security
Department:IT Technology Risk and Governance
Term:Permanent Fulltime
Work Arrangements:This is a hybrid role. You will work in our office in Waterloo ON a minimum of two 2 assigned consecutive days every other week plus a fifth 5th) assigned day per month. You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.
The Opportunity:Dont miss the opportunity to join one of the Waterloo Areas Top Employer for 2025 and Southwestern Ontarios Top Employers for 2025!
The Application Security Specialist will play a vital role in strengthening our Application Security program and will be on the forefront of change leading the SecDevOps culture at Equitable Life of Canada. You will contribute by safeguarding our digital assets and ensuring the security of our applications directly impacting our companys success and customer trust. You will provide technical leadership required to manage and reduce application security risks by taking ownership of the SecDevOps portfolio and establishing current and longterm direction by developing organizationwide security controls that integrate into our DevOps pipelines.
What you will be doing:
- Act as a subject matter expert on application security domains involving web and mobile platforms.
- Design and implement robust application security controls to protect against threats and vulnerabilities.
- Enforce secure coding standards across development teams based on industryaccepted best practices.
- Design and implement secure CI/CD solutions for development and production environments.
- Integrate and implement automated application security testing (DAST SAST RASP & IAST) for APIs web and mobile applications.
- Conduct periodic and ondemand manual penetration testing assessments of applications.
- Provide guidance on security requirements of application design based on industry best practices or internal policy.
- Perform system and applicationlevel risk and vulnerability assessments.
- Collaborate with developers to understand and remediate security vulnerabilities to improve overall security posture.
- Nurture a training program/curriculum that provides Application Security training to software developers.
- Assist with code reviews to proactively identify potential vulnerabilities and followup with tooling to prevent future vulnerabilities.
- Provide timely and detailed reports with evidence of findings risk analysis guidance and remediation instructions.
- Manage Auth0 for secure authentication and collaborate with development teams to integrate Auth0 in various applications.
- Facilitate security training sessions for developers to enhance their understanding of secure coding practices.
- Ensure security is considered at each stage of the software development process.
- Conduct regular assessments and audits to ensure compliance with SCLC standards.
- Provide training and guidance to development teams on using SNYK and StackHawk tools to identify and remediate vulnerabilities in applications. Integrate these tools into CI/CD pipelines to ensure continuous security testing.
What you will bring:
- A SecDevOps forward mindset with a high emphasis on solving problems via code and API forward approaches.
- A Bachelors Degree in Computer Science Information Systems Engineering cybersecurity or related technical field; or equivalent experience.
- Possess or have an interest in pursuing certifications such as CISSP OSCP OSCE GWAPT GPEN CEH CompTIA Security .
- Extensive knowledge of Application Security Risks how they can be detected exploited and mitigated.
- Strong experience in DevOps development practices CI/CD pipelines and knowledge of orchestration platforms.
- Thorough understanding of modern software development practices.
- Strong expertise with cloud environments (AWS / Google Cloud / Azure).
- Programming/scripting experience (PowerShell ASP .NET Python Perl).
- Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation.
- Strong understanding of application design and architecture.
Whats in it for you:
- A healthy worklife balance with employee wellness top of mind.
- Annual bonus program annual vacation allowance and companypaid benefits program.
- An additional paid volunteer day each year so you can spend time giving back to the community.
- Immediate enrollment in the companys pension program with employer matching.
- Employee resource groups that support an inclusive work environment.
- Tuition support and specialized program assistance.
- A company subsidized cafeteria with a variety of daily options.
- Discounts on company products and services and access to exclusive employee perks.
- Regular EQ Together events focused on company togetherness and collaboration.
As part of the recruitment/offer process you will be required to:
- Provide two professional references (minimum one supervisor and above)
- Undergo a criminal background check.
This role is open due to an existing vacancy.
To learn more about Equitable we encourage you to explore our organization.
At Equitable we are committed to providing equal access to employment opportunities across our organization. Please contact our HR team at if you would like to receive our job postings in an alternative format or require an accommodation with the application process.
Other details
- Job FamilyIndividual Contributor Non Transactional
- Pay TypeSalary
Required Experience:
Unclear Seniority
Employment Type
Full-Time
