Security Architect – AppSec

ProViso Consulting

Story Behind the Need:

• Business Group: This team functions under the Cryptography umbrella and focuses mainly on strategy building. Currently they are working to have their end-to-end process documented, particularly with regard to publishing on the iOS and Google Play stores.
• Project: The Security Architect will work closely with development and engineering, DevOps, Security Product Management and other application owner teams across the organization to integrate security into the application development lifecycle, from requirements gathering to deployment to monitoring in production. The role will drive the evolution of application security tooling and processes and define the corresponding strategy and roadmap for the Bank.

Typical Day in the Role:

• Collaborate with stakeholders across the Bank – technology, application security product, security advisory, fraud, compliance and business channel teams – to drive the product features and roadmap in application security domains like SAST, MAST, SCA, DAST, etc. across the Bank.
• Policies for SCA – Security Policies, Licensing Policies and Operational Policies
• Mobile App Publishing – coordinate with stakeholders to define the minimum security requirements for publishing a mobile app to the app stores (Google Play store, Apple, etc.)
• Continuously evolve app sec product features based on industry best practices and emerging security threats
• Govern and define DevOps pipeline and developer tooling use cases to integrate with enterprise app sec products
• Work closely with multiple cross-enterprise teams to gather requirements and support the adoption of new security products.
• Implementation and operations governance based on the defined enterprise standard solution architecture and design patterns
• Co-ordinate efforts from business and technology teams.
• Communicate regularly with various business channels on the progress made for various projects in the pipeline

Must Have Skills/Requirements:

• 10+ years’ experience in IT Security with focus on application security and/or DevOps
• 3+ years’ product management or similar experience with AppSec domains like SAST, MAST, SCA, DAST and/or tools like Veracode, Checkmarx, NowSecure, Fortify, Snyk, Burp Suite, ZAP, etc.
• 3+ years’ experience with documenting process, requirements and product information
• General knowledge of threat modeling, vulnerability management and risk assessment
• General knowledge of OWASP Top 10, Mitre, CVE/CVSS
• 3+ years’ experience in the financial industry

Nice to have Skills:

• Experience with deploying and managing IaaS, PaaS & SaaS solutions
• Experience with infrastructure as code (IaC)
• Experience with API Security
• 3+ years’ experience with popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
• 3+ years’ experience with CI/CD pipeline tools and processes like Bitbucket/GitHub, JFrog Artifactory, Ansible, Confluence, Jira, Bamboo, etc.
• Experience building business cases demonstrating the value of a product, and cost-benefit analysis
• Security certifications like CISSP

Soft Skills:

• Communication: excellent written and verbal communication and interpersonal skills.
• Must be able to operate effectively within a stressful environment with changing priorities and tight time frames which are closely scrutinized by Senior/Executive Management
• Fast learner with strong analytical skills and improvement mindset.
• High energy, demonstrated ability to work under pressure, deals well with ambiguities and uncertainties, and drives results.

Best Vs Average Candidate:

• The ideal candidate would be able to demonstrate writing and deck preparation skills for technical, management, and executive audiences, as well as strong communication capability, including verbal presentations to senior leadership.


• Post Secondary Experience

Interview Process:

• 1 Round of Interviews with the hiring manager and one team member:
o Interviews to take place ASAP

Job Details



4 Months



© 2020 ProViso Consulting - Toronto Recruitment and Staffing Agency