Application Security Analyst Calgary, AB or Saskatoon, SK

Calgary - Canada

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

Nutrien is a leading provider of crop inputs and services and our business results make a positive impact on the world. Our purpose Feeding the Future is the reason we come to work each day. Were guided by our culture of care and our core values: safety inclusion integrity and results. When we say we care we mean it. Were creating an inclusive workplace where everyone feels safe has a sense of belonging trusts one another and acts with integrity.

Through the collective expertise of our nearly 26000 employees we operate a world-class network of production distribution and ag retail facilities. We efficiently serve growers needs and strive to provide a more profitable sustainable and secure future for all stakeholders. Help us raise the expectation of what an agriculture company can be and grow your career with Nutrien.

The role of an Application Security Analyst in a dynamic and fast-paced environment and works with cross-functional teams (cyber security application development teams DevOps and IT). The Cyber Application Security Analyst will focus on integrating security throughout the software development lifecycle (SDLC).This includes assistance our dev team in identifying assessing and remediating vulnerabilities in code infrastructure and applications. Responsibilities include collaborating with cross-functional teams to manage code vulnerabilities implementing automated security testing and ensuring adherence to cyber security policies and standards.

Additionally the position will be responsible for providing the appropriate teams with guidance on cyber security issues that need to be remediated. The individual must be able to work with and leverage Nutrien global cybersecurity support teams and architecture to provide superior solutions and advice to multiple layers of the Nutrien business teams. The role is meant as an entry level position for those that are starting out in the Cyber Security field.

What Youll Do:

Develop rapport with others by demonstrating an understanding of their concerns needs and issues and build an internal network of relationships that can provide advice and support. Consistently deliver quality client services.
Monitor progress manage risk and ensure key stakeholders are informed about progress and expected outcomes.
Stay abreast of current business and industry trends relevant to global development teams business operations and cyber security.
Assist engagement with DevOps teams in evaluating vulnerability management tools across people process and technology.
Work with engagement teams to own distinct portions of vulnerability management solutions tailored to client environments.
Perform and control targeted vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls.
Familiarity with security and risk standards including ISO 27001-2 PCI DSS NIST CSF 2.0 ITIL COBIT CVSSv4 OWASP and the MITRE ATT&CK framework.
Hands-on operational experience with vulnerability management prioritization platforms.
Ability to conduct root cause analysis on vulnerabilities and determine feasible technical solutions.
Ability to evaluate exploitability and assess the impact of vulnerabilities based on organizational context.
Knowledge of general cybersecurity concepts and methods including vulnerability management privacy incident response governance risk and compliance enterprise security strategies and security architecture.
Ability to assist in project management of cybersecurity initiatives including developing project charters project plans and status updates.

What Youll Bring:

It is preferred that you have or are working on a bachelors degree or certificate in Computer Science Information Systems Engineering Business or a related field.
An understanding of the vulnerability management lifecycle and governance.
Familiarity with security and risk standards including ISO 27001-2 ISO 31000 PCI DSS NIST ITIL COBIT CVSSv4 and MITRE ATT&CK.
Hands-on operational experience with vulnerability management tools (e.g. Qualys Tenable Snyk trufflehog pro).
Understanding of various operating systems (Windows Unix MacOS); cloud concepts (secure build images ephemeral workloads cloud patching); and networking fundamentals.
A full understanding of full stack application development and mobile development on iOS and Android.
Deep expertise in writing and running queries to prepare metrics reports and dashboards.
Good understanding of scanning tools for APIs.
Ability to report issues clearly and succinctly and adapt communication styles to demonstrate vulnerability severity to technical stakeholders and leadership.
Knowledge of general cybersecurity concepts and methods including secure configuration management data protection and privacy security monitoring incident response governance risk and compliance patch management and enterprise security strategies and architecture.
Strong written and verbal communication skills with the ability to interact with senior management and technical SMEs.
Ability to examine issues both strategically and analytically.
Experience working in cloud and container environments.
Penetration testing experience.
Application security experience.
Automation and scripting experience (e.g. Python Bash).
Enterprise application development experience.
Financial services sector regulatory experience.
Attack Surface Management experience.

Ready to make an impact with us Apply today!

The estimated salary that Indeed Glassdoor and LinkedIn lists does not represent Nutriens compensation structure. Nutrien is an equal opportunity employer. We evaluate qualified applicants without regard to race color religion sex sexual orientation gender identity national origin disability veteran status and other legally protected characteristics.

This job will remain posted until accordance with Nutrien policies you will be required to undergo a background check and may be required to undergo a substance test. While we appreciate all applications we receive only candidates under consideration will be must meet minimum age requirements as permitted by law.

Our Recruitment Process: Application > Resume Review > Pre-screen/Interview > Offer > Pre-Employment Conditions > Welcome to Nutrien

To stay connected to us and for the latest job postings and news follow us on: LinkedIn Facebook Instagram and X.

Required Experience:

Nutrien is a leading provider of crop inputs and services and our business results make a positive impact on the world. Our purpose Feeding the Future is the reason we come to work each day. Were guided by our culture of care and our core values: safety inclusion integrity and results. When we say w...

What Youll Do:

Develop rapport with others by demonstrating an understanding of their concerns needs and issues and build an internal network of relationships that can provide advice and support. Consistently deliver quality client services.
Monitor progress manage risk and ensure key stakeholders are informed about progress and expected outcomes.
Stay abreast of current business and industry trends relevant to global development teams business operations and cyber security.
Assist engagement with DevOps teams in evaluating vulnerability management tools across people process and technology.
Work with engagement teams to own distinct portions of vulnerability management solutions tailored to client environments.
Perform and control targeted vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls.
Familiarity with security and risk standards including ISO 27001-2 PCI DSS NIST CSF 2.0 ITIL COBIT CVSSv4 OWASP and the MITRE ATT&CK framework.
Hands-on operational experience with vulnerability management prioritization platforms.
Ability to conduct root cause analysis on vulnerabilities and determine feasible technical solutions.
Ability to evaluate exploitability and assess the impact of vulnerabilities based on organizational context.
Knowledge of general cybersecurity concepts and methods including vulnerability management privacy incident response governance risk and compliance enterprise security strategies and security architecture.
Ability to assist in project management of cybersecurity initiatives including developing project charters project plans and status updates.

What Youll Bring:

It is preferred that you have or are working on a bachelors degree or certificate in Computer Science Information Systems Engineering Business or a related field.
An understanding of the vulnerability management lifecycle and governance.
Familiarity with security and risk standards including ISO 27001-2 ISO 31000 PCI DSS NIST ITIL COBIT CVSSv4 and MITRE ATT&CK.
Hands-on operational experience with vulnerability management tools (e.g. Qualys Tenable Snyk trufflehog pro).
Understanding of various operating systems (Windows Unix MacOS); cloud concepts (secure build images ephemeral workloads cloud patching); and networking fundamentals.
A full understanding of full stack application development and mobile development on iOS and Android.
Deep expertise in writing and running queries to prepare metrics reports and dashboards.
Good understanding of scanning tools for APIs.
Ability to report issues clearly and succinctly and adapt communication styles to demonstrate vulnerability severity to technical stakeholders and leadership.
Knowledge of general cybersecurity concepts and methods including secure configuration management data protection and privacy security monitoring incident response governance risk and compliance patch management and enterprise security strategies and architecture.
Strong written and verbal communication skills with the ability to interact with senior management and technical SMEs.
Ability to examine issues both strategically and analytically.
Experience working in cloud and container environments.
Penetration testing experience.
Application security experience.
Automation and scripting experience (e.g. Python Bash).
Enterprise application development experience.
Financial services sector regulatory experience.
Attack Surface Management experience.