Application Security Specialist
Every day, our software is used by millions of people around the world, and we are looking for developers who share in our excitement and passion for transforming the way the world learns. At D2L, we believe that learning should be accessible and engaging. Our goal is to create easy, flexible, and smart software that ignites the desire to learn in everyone. To do this, we need to give talented, enthusiastic, and passionate people, like you, opportunities to create, develop, and collaborate on projects that revolutionize the learning environment.
About the role!
We are looking for an experienced Application Security Specialist to continue improving how we protect our customers’ data. As part of the InfoSec team, you will help identify security and privacy risks in our application code and software development practices, and will work closely with developers to empower them and mature the culture of security at D2L.
How will I make an Impact?
Educating and Empowering Teams
- Ensure development teams are well-trained in application security
- Ensure development teams are well-trained on secure development processes
- Support architecture review processes whenever application security expertise is needed
- Support development teams whenever application security expertise is needed
- Respond to sales inquiries whenever application security expertise is needed
Advancing Security Processes
- Improve, support, and automate our suite of tools and processes for application security testing and validation
- Manage routine 3rd-party penetration testing services
Responding to Incidents
- Investigate and respond to incidents related to application security
Assessing and Reporting on Risk
- Report on the state of application security risks to the business
- Report on the state of application security programs and the performance of development teams against targets
What you’ll bring to the role:
- Deep hands-on experience with agile development processes, and experience integrating secure development practices into the model. The ideal candidate has experience writing and testing web applications and web services.
- You can explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
- You have experience automating a wide variety of tasks and processes.
- Excellent written and verbal communication skills.
- 5+ years of relevant work experience.
- Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring.
- One of the following (ISC)² certifications is recommended: CISSP, CCSP or CSSLP.
- Familiarity with industry standards and regulations such as PCI-DSS, SOC1, SOC2 and ISO27001.
WHY WE'RE AWESOME:
- Flexible work hours
- Health and wellness programs
- Collaborative work environment
- Dog Friendly office
- Snacks and food trays!
- Foosball, Ping-pong, Darts, Pinball, Arcade and Board Games
- Showers on site
- Centrally located in downtown, close to restaurants and pubs, easily accessible by public transit