Application Security, Lead

Application Security LeadAt Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada. Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical gurus and high-performance application developers? We want to hear from you.We are currently recruiting for a full-time Application Security Lead to be part of our Threat & Vulnerability Management team within Cybersecurity. This role will lead the Application Security practice and work with cross functional teams to ensure products and applications are built securely.You’ll be responsible for: Lead application security practice at Interac in alignment with product and business objectives.Build and maintain a comprehensive application security strategy to identify and mitigate product vulnerabilities.Work alongside and educate product development teams as the subject matter expert in application security to design secure products to protect Interac’s customers.Integrate application security tools into DevSecOps practice, reducing development friction and vulnerabilities in productionIntegrate application security processes throughout the Secure Software Development Life Cycle (SSDLC).Perform threat modelling on new systems, products, and features and facilitate secure architecture and design discussions.Develop and implement code reviews and automated security testing processes to monitor compliance to secure coding standards.Develop and report on actionable KPIs and KRIs against application security policies and standardsCollaborate with other cybersecurity functions such as IR, VM, and Cloud Security as needed to mitigate application security risk.Continuously improve application security technology by staying up-to-date with latest trends and advancementsClearly communicate with both technical and non-technical stakeholders, ensuring transparency and understanding of security measures.Demonstrate proficiency in programming languages commonly used in application development.You bring: 5-7 years of experience in Application Security or related fieldsPost-Secondary degree or diploma in Engineering, Programming/Systems, Computer Science, or other related discipline.Eligibility to work for Interac Corp. in Canada in a Full Time Capacity.Outcomes driven, the ability to figure-it-out to reach the desired outcome Strong sense of personal responsibility and accountability for delivering high quality work, both personally and at a team level. Ability to communicate effectively to both technical and non-technical stakeholdersAbility to work autonomously with attention to detail. An understanding of technical concepts and are an avid learner of new technology.Technical Skills: Expertise in DevSecOps practices and SSDLC frameworksExperience with threat modelling, design reviews, and risk analysisStrong understanding of security risks, threats, and vulnerabilitiesIn-depth knowledge of authentication, authorization, network security, vulnerability exploitation, and vulnerability remediation.Experience with SAST/DAST/SCA tools such as Veracode, SonarQube, Snyk, or Burp SuiteExperience with overseeing or conducting application penetration testsProficiency in common programming languages used within application development such as Java, JavaScript, or PythonKnowledge of security industry standards and best practices such as OWASP, ISO 27001/2, NISTCybersecurity certificates such as CISSP, CSSLP, OSCPHow we workWe know that exceptional people have great ideas and are passionate about their work.Our culture encourages excellence and actively rewards contributions with:Connection: You’re surrounded by talented people every day who are driven by their passion of a common goal.Core Values:They define us. Living them helps us be the best at what we do.Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.Education: To ensure you are the best at what you do we invest in youPlease be aware of certain individuals fraudulently using Interac Corp.’s name and logo to offer fictitious employment opportunities. Interac Corp. will never ask, solicit, nor accept any monies in exchange for employment opportunities. Any such offers of employment are fraudulent and invalid, and you are strongly advised to exercise great caution and disregard such offers and invitations.Please note that under no circumstances shall Interac Corp. be held liable or responsible for any claims, losses, damages, expenses, or other inconveniences resulting from or in any way connected to the actions of individuals performing such fraud. Further, such fraudulent communication shall not be treated as any kind of offer or representation by Interac Corp. or its subsidiaries and affiliates.