Security Engineer
Affinity

On behalf of our public sector client, Affinity is seeking a Security Engineer to join the DevSecOps team, focusing on security in the Software Development Life Cycle (SDLC), including secure design review, threat modeling, secure code reviews, penetration testing, and security controls.
Responsibilities:
• Perform threat modeling for identification and mitigation of security threats as part of product/application design and architecture.
• Perform secure code reviews, secure design reviews, and penetration (black and white box) testing for applications/products.
• Perform SCA/SAST/DAST analysis using industry tools; embed the tools and security processes into CI/CD pipelines.
• Create and maintain Azure security policy to ensure the secure deployment of cloud components/applications/platforms.
• Performs design, development, integration, and sustainment of security building blocks that provide confidentiality, integrity, availability, authentication, and non-repudiation for software products built by DevOps teams.
• Manages vulnerability management and risk management processes through the system development lifecycle (planning, design, development, testing, release).
• Defines the security controls, performs user stories for security consults for applications/product teams based on solution design and security requirements of a product.
• Supports security quality and assurance of products using various security test tools. Performs validation and tuning of security testing tools to provide accurate and actionable results.
• Coordinates with members of a DevOps team to provide guidance in the development and integration of secure design practices into the product development lifecycle.
• Delivers training to DevOps developers on secure coding practices and hacking techniques to embed knowledge of security into the development process.
• Drives the selection, POC, implementation and operational deployment of new security technology solutions to ensure the security (confidentiality, integrity and availability) of business data related to the DevOps development lifecycle.
• Ensures application and infrastructure architectural solutions are secure, and compliant with policies and standards.
• Performs security monitoring of solutions through the development lifecycle and participates as a subject matter expert in security incident response scenarios.
• Cross-trains with other specialists and coaches team members and other employees.
Qualifications:
• Undergraduate degree in Computer Science or STEM (Science, Technology, Engineering or Math).
• A minimum of 6 years’ work experience in progressively complex roles focused on security engineering.
• Industry certificate related to the security engineer role, e.g. CISSP, CEH.
• In-depth knowledge of SCA/SAST/DAST, threat modeling, security controls across all layers of application infrastructure, and penetration testing for web applications.
Affinity Earn:
Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/
About Affinity:
Affinity Group is a technology and business consulting and services company. We believe in creating long term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.
For more information on Affinity, please visit www.affinity-group.ca
Job Number: 12258
See more jobs in Richmond, BC