Senior Security Software Engineer

Description:

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Sun Life seeks a talented individual to fill the role of Senior Application Security Analyst within Application Operations Services team. The ideal candidate will play a key role in Application Security, Vulnerability management, security testing and patching program within Sun Life.

This role requires Canadian Enhanced Reliability Security clearance [a minimum of 5 years of consecutive residency in Canada].

What will you do?

• Lead the Web Application scanning program leveraging WebInspect, BURP, Seeker and other DAST/IAST tools.
• Assist in reviewing vulnerabilities from various sources such as DAST, IAST, Penetration tests and work with various development teams to resolve them in timely fashion.
• Conduct penetration testing on applications before release and make sure teams are compliant with application security directive.
• Create metrics (KPI and KRIs) for vulnerability management program and present to higher management.
• Help create security processes and tooling to detect and prevent classes of security issues.
• Educate development teams on OWASP top 10 vulnerabilities for Web, Mobile and APIs.
• Automate redundant security tasks and bring in efficiencies within existing security processes.
• Provide ongoing support of mobile and web application systems in production including responding to operational requests, problem analysis, resolution, escalation, and reporting as necessary
• Create and maintain supporting documentation

What you need to succeed:

• Demonstrated experience leading vulnerability management and analysis.
• Hands on experience with SAST, DAST, IAST and Penetration Testing tools and techniques
• Strong working knowledge of Java, J2EE, web services and application integration technologies
• Expert knowledge of OWASP top 10 (Web, Mobile, APIs) and SANS top 25
• Experience with secure development and testing of APIs, microservices, containers and Cloud (AWS) is a big plus.
• Working knowledge of CA Patching tool is good to have.
• Good understanding of Agile methodology and comfortable with Scrum/Kanban and sprint ceremonies.
• Security certifications such as GWAPT, GWEB, CEH, CASE, CSSLP or similar preferred but not required.