Purpose of the Job
The Security Engineer, Vulnerability Management is responsible for operating and maintaining security testing tools. In addition, the role performs security testing, provides security advisory services, and collaborates with technology and business teams to integrate security tools and processes into new and existing applications and cloud environments. The role's primary objective is to reduce risk of security vulnerability exploitation to the business while delivering a high level of satisfaction to internal customers by utilizing automated remedial tasks to improve operational efficiency.
Main Activities:
•Perform security testing using tools such as DAST, SAST, IAST, Mobile DAST, SCA, RASP, EASM, and CSPM.
•Provide security advisory services to technology and business teams in the realm of application and cloud/infrastructure security.
•Maintain application security and cloud security toolsets and ensure that they are up-to-date and functioning properly.
•Escalate outstanding application and cloud vulnerability mitigation requests as required.
•Collaborate with development teams to ensure security is integrated into the development lifecycle
•Assist in the development of documentation for application security processes and procedures.
•Stay up-to date on the latest application and cloud security trends and technologies
Knowledge/Skill Requirements:
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- At least two years of information security experience.
- Strong understanding of Application Security concepts and best practices.
- Understanding of Vulnerability Management concepts and best practices.
- Experience of setting up and running scanning tools for IT Infrastructure and/or Applications Security Testing is required.
- Experience of cloud environment is required.
- Understanding of CI/CD pipeline and approaches to automate security testing is an asset.
- The following certifications are an asset: CCSP, CCSK, CISM, CISSP, or CRISC.
- Understanding and experience with PCI, MITRE ATT&CK, BSIMM, NIST, ISO 27K an asset.
- Experience working in a banking or financial services environment is an asset.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Reports directly to the Manager, DevSecOps & Infrastructure Security
- This position sets priorities for themselves
- This position is empowered to make decisions that impact their own position, however, there is decision-making involved relating to vulnerability management, which could have a potential impact on the overall reputation of the bank.
- It is unlikely the decisions made in this position would have a long-term performance impact to the bank.
- This position requires contact with suppliers, and potentially with other FIs through information sharing circles, like FS-ISAC. The nature of contact with suppliers is to troubleshoot issues with current products; to understand capabilities of new products. The nature of contact with other FIs is sharing information related to the cyber threat landscape and how to industry is adapting.
Accountability:
What We Do
MakeBank on everyday banking: Earn high interest on every dollar Say no to fees No minimum balances Powered by Equitable Bank, a Schedule I Canadian Bank EQB Inc. (formerly Equitable Group Inc.) trades on the Toronto Stock Exchange (TSX: EQB and EQB.PR.C), directly serves over 607,000 Canadians through its wholly owned subsidiary Equitable Bank, Canada's Challenger Bank™, and serves over 200 Canadian credit unions that serve over 6 million of their members with products and services. Equitable Bank has grown to become Canada's 7th largest independent Schedule I bank with over a $119 billion in assets under management and assets under administration, and a clear mandate to drive real change in Canadian banking to enrich people's lives. At Equitable Bank, we are as invested in our employees as we are in our business. That’s why we are consistently recognized as one of Canada's Top Employers – a rating that comes from our 1,800 employees. Equitable Bank’s inclusive, welcoming, and pride-inducing workplace earned it the honour of being recognized as one of the top 50 organizations on the 2023 list of Canada’s Best Workplaces™. Founded over 50 years ago, Equitable Bank provides diversified personal and commercial banking, and through its EQ Bank platform (eqbank.ca), which has been named #1 Bank in Canada for three consecutive years on the Forbes World's Best Banks list for 2021, 2022, and 2023. Equitable Bank website: www.equitablebank.ca EQ Bank website: www.eqbank.ca Specialties Lending, Mortgages, Residential Lending, Commercial Lending, Reverse mortgages, Insurance lending, Equipment leasing , Credit Union, Trust, and Funds Management