Senior Cloud Security Engineer with CNAPP experience to join a Application Security Operations Team with one of our major banking clients- 37762

Senior Cloud Security Engineer with CNAPP experience to join a Application Security Operations Team with one of our major banking clients- 37762

Location Address: Hybrid - Toronto - open to fully remote candidates

Contract Duration: 6 months (Possibility of extension & conversion to FTE)

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week

Story Behind the Need

Business group: Application Security - team is enterprise app sec team responsible for reviewing the security scan results and ensure that applications developed are promoted to production without critical high vulnerabilities

Project: With the progressing of Cloud Acceleration Program, the position is required to observe the increasing demand to support the CNAPP DevSecOps Gating operation for current state, and support the standardization and automation of DevSecOps gating for all CNAPP capabilities

We are seeking 2 Cloud Security Engineers to join our Application Security Operations team. This is more of an operations role than some of the others released in this program, triaging tickets and supporting the releases.

Candidate Value Proposition:

The successful candidate will be instrumental in delivering the next generation security capability through a large-scale transformation effort at the Bank; exposure to cutting edge cloud technologies, working on a high visibility project for a top 5 Canadian Bank.

Typical Day in Role:

• Contribute to the success of our cloud transformation by supporting the Review and Triage of the findings flagged by CNAPP

• Manage the Exception/Exemption requests

• Support the Design and Implementation of the DevSecOps gating focusing on automation

• Develop and/or enhance strategies and processes to manage the security vulnerabilities and threats for cloud native applications

• Adhere to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate identified risks

• Develop and/or enhance the strategies and processes to identify, analyze, and communicate cloud workload vulnerabilities as per the CISO Directives, technical standards and published communication process flows

• Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives

Candidate Requirements/Must Have Skills:

1) 10+ years’ relevant working experience in IT (cloud security, application security, etc.)

2) 5+ years’ experience as an application security analyst, with demonstrated experience in security integration, automation of security processes, risk and vulnerability assessment and mitigation (OWASP, CVE)

3) 3+ years’ experience with Cloud Security domains like CNAPP, CWPP, CSPM and/or tools like SCCE, CrowdStrike, Prisma Cloud, Aqua Enterprise, MS Defender etc.

Nice-To-Have Skills:

1) 5+ years’ experience with popular CI/CD tools and processes like BitBucket/GitHub, Jfrog Artifactory, Jenkins, Azure DevOps, GitLab CI/CD, CircleCI

2) 3+ years’ experience with large organization cloud transformation

Soft Skills Required:

• Excellent communication skills and good support skills for triaging and analysis of issues for all development teams

• Proficient at collaborating with various stakeholders to achieve the objectives assigned

Education:

• Undergrad or equivalent experience - valuing work experience more

• GCP PCSE Certification preferred

Best VS. Average Candidate:

Strong background in application security; hands-on work experience with CNAPP (Cloud Native Application Protection Platforms space and have strong Cybersecurity and Cloud security knowledge and skills. In addition, you have strong communication and stakeholder engagement skills, allowing you to understand and implement CNAPP solutions and apply best practices.

Candidate Review & Selection

• 1 round - remote - MS Teams Video Conference Call

• Interview with HM and one or two Senior Lead - 1 hour - technical interview focusing on CNAPP product/solution integration within the SDLC and vulnerability assessment knowledge and skills