Application Security Architect

Position Description:

Located in Montreal we have been providing Canadian entrepreneurs with cloud-based solutions that simplify payroll and human capital management for over 50 years. We are a leader in our specialized market. Within CGI a solid and renowned company we are a team that operates as a SaaS-based application publisher.

CGI offers you:

- Numerous career opportunities supported by a professional development plan
- Rewarding relationships with our clients who have a very high satisfaction rate
- A work environment recognized as one of the most pleasant in the country (Great Place to Work certified)
- The opportunity to be part of a permanent team whose work is based on Agile methodologies
- Comprehensive insurance coverage
- A profit-sharing plan
- An employee stock purchase plan
- An employee assistance program
- A health and wellness program.

This position reports to the Director of the Architecture Infrastructure and Innovation team.

The Application Security Architect is responsible for the design implementation and evolution of security mechanisms integrated into applications. This role aims to ensure that software solutions adhere to security standards throughout the entire Security Software Development Lifecycle (SSDLC). The role also involves a significant contribution to development activities within vulnerability management contexts as well as proactive enhancements designed to improve application security.

The candidate will work closely with existing development teams application solution architects and the security team.

Your future duties and responsibilities:

- Collaborate on the continuous improvement of security practices within the SDLC
- Conduct risk analyses using a STRIDE approach
- Integrate security requirements from the design phase (Security by Design)
- Define the security architecture of applications (web mobile API microservices)
- Participate in code reviews for the security aspect and in technical audits
- Contribute to the prioritization of vulnerabilities according to risk
- Contribute to the vulnerability remediation plan and continuous improvements in the application security domain. Support technical communication with development teams
- Contribute to the implementation of application security patches and security-oriented enhancements
- Contribute to maintaining application security standards and best practices
- Contribute to documentation and knowledge transfer related to application security
- Support development teams in adopting best practices (OWASP Top 10 Secure Coding)
- Contribute to the automation of security processes in CI/CD pipelines (SAST SCA other types of scans)
- Conduct ad-hoc security analyses (e.g. targeted code reviews manual testing) on critical or sensitive applications.
- Contribute to raising awareness of application security best practices among the development team.

Required qualifications to be successful in this role:

- Mastery of application security concepts (authentication authorization encryption identity management)
- Good knowledge of frameworks (OWASP NIST ISO 27001)
- Experience with the following tools:
- SAST (e.g. Checkmarx SonarQube)
- SCA (e.g. CAST Highlight)
- Development skills ( JavaScript SQL)
- Understanding of traditional and modern architectures (Cloud DevSecOps containers Kubernetes)
- Knowledge of protocols (OAuth2 OpenID Connect TLS).

Essential knowledge related to the technological environment:

- (C# )
- (WebForms / MVC)
- Entity Framework / LINQ
- Java Spring Boot Framework
- HTML / CSS / JavaScript / jQuery / XML / JSON
- Good knowledge of IIS SQL Server and Windows services.

Transferable Skills

- Ability to explain security issues in simple terms
- Analytical and problem-solving skills
- Technical leadership and influencing skills
- Excellent communication skills (written and oral)
- Ability to work in a multidisciplinary team
- Experience working with Agile methodologies (an asset)

Desired Profile
- University degree (e.g. Bachelors degree in Computer Science)
- Degree in Computer Science Cybersecurity or a related field
- Minimum of 10 years of experience in application security or application security-oriented development
- Experience in software architecture and/or security
- Team spirit and collaborative approach
- Strong learning ability
- Autonomy

Use of the term architect in this job posting refers to the technical sense related to Information Technology (IT) and does not imply that the individual practices architecture or possesses the requisite license as prescribed by the applicable provincial or territorial architect regulator. We are seeking individuals with expertise in IT architect-related functions but licensure from an architect regulator is not a prerequisite for this position. Architecture is a regulated profession in Canada which is restricted in terms of use of titles and designation.

Skills:

• French
• .NET
• Java
• jQuery
• Spring Boot

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer being able to perform your best during the recruitment process is important to us. If you require an accommodation please inform your recruiter.

To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our teamone of the largest IT and business consulting services firms in the world.