Senior Software Engineer (Python/Java) to deploy application vulnerability testing tools with one of our major banking clients- 37438/37636

Senior Software Engineer (Python/Java) to deploy application vulnerability testing tools with one of our major banking clients- 37438/37636

Location Address: Hybrid -Toronto - at least 1/week in office - Thursdays, subject to change

Contract Duration: 6 months (Possibility of extension & conversion to FTE)

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week

Story Behind the Need

• Business group: Application Security - deploying application security vulnerability testing tools used by the Bank for vulnerability testing; currently doing a lot of modernization projects updating portfolio for statis dynamic and mobile testing
• Project: Resource will be playing a key role in deploying components of the strategic solution for Application Security space and providing integration support - may work on several initiatives - project is in development stage (have gone through ideation and high level design) going into detail deployment and development

Typical Day in Role:

• Solution Integration: Design and implement integrations between SaaS vendor and bank infrastructure to enable single sign-on, least-privilege access, as well as logging and auditing requirements.
• Continuous Integration/Continuous Deployment (CI/CD): Support the integration of CI/CD pipelines to the SaaS vendor solution.
• Monitoring and Logging: Set up and manage monitoring, logging, and alerting systems using Dynatrace, Zabbix or other automated tool stacks.
• Cloud Management: Be able to assess and implement best practices when configuring cloud SaaS solutions.
• Collaboration: Work closely with development, operations, and security teams to identify and resolve issues, complete threat risk assessments, and improve existing processes.
• Security: Implement security best practices and ensure compliance with industry standards to protect the integrity and confidentiality of our systems and data.
• Performance Optimization: Analyze system performance and implement improvements to enhance efficiency, reduce latency, and optimize resource usage.
• Disaster Recovery: Design and implement disaster recovery plans to ensure business continuity and data integrity in case of system failures or other unforeseen events.

Must Have Skills:

• 10+ years of enterprise IT experience
• 5+ years’ experience as a Software / Security / Integration / DevOps Engineer
• Expert level development experience with either: Python(1st), Java(2nd), Bash(3rd) - (please list which) - can mentor, do code reviews, speak to best practices, etc.
• 5+ years Agile and SDLC experience
• Experience with CI/CD pipelines and automation (e.g. Jenkins)

Nice-To-Have Skills:

• Cloud solution and containerization deployment experience - GCP(1st), AWS(2nd), Azure(3rd),
• Experience with security testing tools (SAST, SCA, DAST)
• Experience/knowledge of security best practices around connectivity (MTLS, SAML, OAuth Client and Credentials IP Allow Listing)
• Cybersecurity experience
• Experience from large highly matrixed enterprise organizations

Education:

• Bachelors in technical field (computer science)

Best VS. Average Candidate:

• Someone who can work independently with stakeholders to implement solution from design, constantly able to update design - Crucial: taking initiative, strong problem solver and is a strategic thinker and can identify solution; experience using vulnerability and security testing tools to help with understanding of software composition (SAST, SCA, DAST), best will have used the tools themselves and have an understanding of how they work, strong independent developer, with programming and automation expertise

Candidate Review & Selection

• 2-3 Rounds - MS Teams Video Interviews - all panels
• 1st - 30 minutes- panel of project team members (senior technical lead, technical resources) - probing on technical expertise and project experience
• 2nd - 45 minutes - follow-up interview with HM (could include project managers/management) culture fit component
• Potential - 3rd if needed to decide between candidates