Position: Application Security Specialist
Location: Fully Remote (Edmonton, Alberta, CAN- T6H 5T6)
Long Term Contract
Note:
• Work must be done from within Canada, due to network and data security issues.
• It is primarily the role will be 100% remote, however in the event of an onsite meeting, the GoA does not pay for travel to attend on-site meetings, nor any expenses related to relocation, commuting, housing/accommodation, food/drink.
• The expectation will be for the resource to work from the office 3 days a Month
• This resource will primarily work remotely; however, the resource may be required to attend meetings or work sessions in office on reasonable notice from the Province. At the time of providing such notice, the Province will advise of the expected duration of any such meetings or work sessions. However, time to travel and any associated expenses to and from Edmonton and/or travel within Alberta will be at no cost to the Province.
Project’s Scope:
· The Client is enhancing its security posture by adopting DevSecOps as a methodology. As a result, a senior Applications Security Specialist is required to assist application teams in developing the security components of the process, automation, and tooling.
· A strong background in application development and architecture (with a focus on the security architecture domain) is required, as is experience in utilizing DevSecOps to enable automation and testing.
Responsibilities / Duties:
• Assist Departments in assessing, selecting, implementing and verifying the effectiveness of security controls.
• Developing or reviewing application architecture for information technology systems from a security perspective.
• May also conduct vulnerability and penetration testing activities and provide a hands-on assessment of applications to identify potential weaknesses.
• Perform a thorough examination of the IT application and identify the weak points.
• Vulnerability assessment interprets and compares results against the various business processes to determine whether the perceived vulnerability is indeed valid, is a false positive or whether other security controls address the perceived vulnerability.
• Determine if the protective controls of a given IT system can be bypassed by actively exploiting identified weaknesses.
• Provides evidence (sometimes to an unbelieving audience) that vulnerabilities can be exploitable.
· Some activities include:
• Application vulnerability scanning to identify potential vulnerabilities in web and application services.
• Web application penetration services to simulate real attacks on web and application services
SUBMISSION MUST INCLUDE:
• RESUME in MS-WORD FORMAT.
• ALL REQUIRED EXPERIENCE MUST BE DESCRIBED IN RESUME UNDER THE JOB/PROJECT WHERE EXPERIENCE WAS ATTAINED.
• EACH JOB/PROJECT MUST CONTAIN THE TERM OF THE JOB/PROJECT IN THE FORMAT MMM/YYYY to MMM/YYYY.
• RESOURCE REFERENCES: 3 Professional references, for whom similar work has been performed, must be provided. The most recent reference should be listed first. Reference checks may or may not be completed to assist with scoring of the proposed resource.