Infosec Specialist

No other bank is doing what we do.

At BDC, we help Canada and its entrepreneurs create a prosperous, inclusive and green economy. Our mission is to help Canadian businesses thrive by providing financing, capital and advisory services. We’re devoted to Canadian entrepreneurs. We’re also dedicated to our employees. Adaptable. Inspiring. Different. There’s a reason we like to work here, and we think you’ll like it too. Join BDC and help make a difference

Diversity. Equity. Inclusion. They’re more than just words for BDC. These concepts are foundational to our success and to our ability to attract, retain, mobilize and develop the right talent, as well as to offer a healthy, professional and collaborative environment. We are committed to cultivating and preserving an environment where all employees can thrive, and, for over a decade, we have been recognized as one of Canada's Top 100 Employers and one of Canada's Best Diversity Employers. In recruiting for our team, we welcome the unique contributions that you can bring in terms of your education, opinions, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, color, religion, disability, sexual orientation, beliefs, experiences, and more.
- POSITION OVERVIEW

He or she gathers and analyzes information on BDC’s technology, making recommendations and resolving security issues as required. Maintains a strategic market outlook to ensure that we are optimising the use of existing technologies to enhance our security posture and recommending enhancements where industry good practice and tooling evolves.
- CHALLENGES TO BE MET- Supervise the CICD pipeline security work done by the team.- Ensure security issues can be addressed in the SDLC pipeline well before deployment to production-
- Be the primary point of contact for the development teams when they need to work with specific technical resources.- Serve as the primary point of contact for internal and external partners on matters relating to vulnerability management and pen testing practices.- Develop the SSDLC team members by providing hiring/interviewing, ad hoc training, identifying professional development opportunities, giving exposure to leading practice as it evolves, and by providing real-time feedback.- Conduct an ongoing industry vigil to ensure that BDC’s security process, technology, and expertise are aligned to good practice and are continuously improving. Make concrete adjustments and enhancements where needed.- Develop processes, documentation, and guides for SSDLC management team members to enhance their ability to do their jobs.- Be the primary point of contact for the cyber advisory team when they need to identify specific technical resources for projects.- Maintain and monitor the SAST tools with the collaboration of the projects.- Monitor the health of DevOps pipeline making sure that all the security tasks are running smoothly.- Ensure that projects are remediating all the vulnerabilities assigned to them.- Monitor the DAST tools and make sure to import all the vulnerabilities in the central repositories.- High skills with MS C#.Net to allow the specialist to approve false positive vulnerabilities.- Be able to develop programming scripts to automate the penetration testing tasks.- Familiar with the web penetration testing use cases- Strong practical knowledge of the various vulnerability tracking frameworks such OWASP top 10 etc. and be able to test them tooKeep up to date with security trends.- Perform other related duties as assigned.
- WHAT WE ARE LOOKING FOR- Minimum eight (8) years experience in IT, 4 of which in security with concentration on SSDLC or DevSecOps or similar- Experience with scripting languages such as Python or PowerShell in the context of tooling and automation.- Must have experience in C#.Net programming language.- Knowledge of Azure DevOps, Threadfix, Sonarqube, Burb, Acunetix or similar.- Leadership, autonomy, vigilance, team spirit, ability to see the big picture, and discretion- Ability to simplify complex issues- Sense of priority, understanding of issues, criticality, and impact- Strong working knowledge of networking technologies- Open-source knowledge- Ability to share information with peers and transfer knowledge- Ability to handle multiple requests and manage priorities- Ability to effectively communicate in both official languages (English and French)

With us, you'll be able to achieve the work/life balance you're looking for, with competitive working conditions and above-market flexible benefits. This includes modern workspaces to work from when you are in our offices, and, for some specific positions, the ability to work remotely, on reserve, and/or within your community.