DevSecOps Security Analyst — Remote
Advance your career in the insurance industry by contributing to secure, innovative digital solutions. Work in a collaborative environment, leverage modern application security practices, and help strengthen the protection of business-critical systems while expanding your technical expertise.
What is in it for you:
- Salaried: $30-37 per hour.
- Incorporated Business Rate: $40-44 per hour.
- 8-month contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Monday to Friday, 9:00 am. to 5:00 pm.
- Enjoy the flexibility of remote work.
- On-site 1–2 times per quarter.
Responsibilities:
- Assist with the operation and management of application security tools, including SAST, SCA, MAST, and DAST.
- Review vulnerability assessment results and provide remediation guidance to delivery teams.
- Conduct reviews of application security tools and perform tuning and upgrades based on penetration testing findings.
- Create key performance indicators (KPIs) and key risk indicators (KRIs) for the vulnerability management program and present results to senior management.
- Participate in the development of application security and vulnerability management directives.
- Educate development teams on the OWASP Top 10 vulnerabilities for web, mobile, and API applications.
- Automate repetitive security tasks to improve the efficiency of existing security processes.
- Provide ongoing production support for web and mobile application systems, including operational requests, problem analysis, resolution, escalation, and reporting.
- Create and maintain supporting documentation.
What you will need to succeed:
- University or college diploma in Computer Science, Engineering, or an equivalent discipline.
- CISSP, CEH, or another cybersecurity certification.
- 2 years of experience in IT design, application design, and implementation.
- 3 years of experience in cyber application security.
- 1 year of experience designing automation and automating systems.
- 2 years of software development experience using C++, Java, or .NET.
- 1 year of experience managing application security platforms, including SAST, DAST, SCA, and mobile security tools.
- Solid understanding of DevSecOps and Agile security concepts.
- Hands-on experience with SAST, SCA, DAST, and MAST tools and techniques.
- Expert knowledge of the OWASP Top 10 for web, mobile, and APIs, as well as the SANS Top 25.
- Demonstrated experience leading vulnerability management and analysis.
- Experience working in an Agile environment.
- Ability to communicate effectively with both technical and non-technical audiences and collaborate with business partners and infrastructure teams.
- Self-motivated, proactive, and driven with strong problem-solving abilities.
- Ability to create professional Visio diagrams.
- Security certifications such as GWAPT, GWEB, CASE, or CSSLP are considered an asset.
- Experience interpreting penetration testing findings is considered an asset.
- Programming knowledge is considered an asset.
- Experience with secure development and testing of APIs, microservices, containers, and AWS cloud environments is considered an asset.
- Knowledge of software development and vendor procurement life cycles is considered an asset.
- Experience designing and implementing DevSecOps CI/CD pipelines is considered an asset.
- Experience in process engineering is considered an asset.
- Strong working knowledge of Java, J2EE, web services, and application integration technologies is considered an asset.
- Experience designing and implementing cloud solutions is considered an asset.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
Pay: $30.00-$44.00 per hour
Benefits:
Experience:
- IT design, application design, and implementation: 2 years (required)
- Cybersecurity application security: 3 years (required)
- System automation and automation design: 1 year (required)
- Software development experience (C++, Java, or .NET): 2 years (required)
- Security platforms (SAST, DAST, SCA, MAST/Mobile): 1 year (required)
- Understanding of DevSecOps and Agile Security principles: 1 year (required)
- SAST, SCA, DAST, and MAST tools and methodologies: 1 year (required)
- OWASP Top 10 (Web, Mobile, APIs) and SANS Top 25: 1 year (required)
- APIs, microservices, containers, and AWS cloud environments: 1 year (preferred)
- Designing and implementing DevSecOps CI/CD pipelines: 1 year (preferred)
- Java, J2EE, web services, and application integration: 1 year (preferred)
- Programming knowledge and pen test findings review: 1 year (preferred)
- Software development and vendor procurement lifecycle: 1 year (preferred)
- Process engineering and cloud solution design: 1 year (preferred)
Licence/Certification:
- GWAPT, GWEB, CEH, CASE, CSSLP, or equivalent (preferred)
Work Location: Hybrid remote in Toronto, ON