Senior Information Security Engineer

STEMCELL Technologies Inc.
Job Year Level
Graduated Undergrad
Job Type
Full Time

Do you live and breathe IT Cyber Security? Are you looking to align yourself with an innovative purpose-driven organization that supports life science research? You will be responsible for application security and provide technical advice to internal teams on cloud security, application security and secure coding techniques. You will also be responsible for participating in information security incident response and providing expertise in the mitigation of information security risks.

As a senior member of the Information security team, you will actively participate in STEMCELL application security architecture definition and implementation, with a focus on secure software development life cycle and continuous improvement. The role includes taking escalation from and mentoring information security and developer team members in cloud and application security.

Duties and Responsibilities

  • Develop software security and software development lifecycle guidance including training material, best practices and secure coding checklists

  • Be a source of information security subject matter with expertise in Web Application Security

  • Provide security consultancy and advice to software development teams - providing teams with functional security requirements

  • Perform security assessments, with and without source code access and security design reviews

  • Implement security automation as part of assessment and CI/CD

  • Provide or supervise penetration testing and retesting support

  • Work closely with business Agile teams to promote secure code development by providing security requirements throughout the development process

  • Cross-train other team members on application security practices & technologies

  • Work closely with Information system and business teams to promote secure code development by providing security requirements throughout the development process

Knowledge and Qualifications

  • Bachelor's degree and/or diploma with 10+ years with 5+ years of experience in information security

  • ISC2 CISSP Certification, AWS Security Certification, Offensive Security Web Assessor (OSWA), or equivalent industry certifications

  • Understands and is comfortable explaining OWASP top 10

  • Strong communication skills with the ability to explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, to both software developers and management

  • Ability to perform manual assessments via tools such as HTTP Proxies (BurpSuite Pro, OWASP ZAP), automation scripts, shell scripting w/ curl, fuzzers, and other commercial and open source tools

  • An understanding of systems and application exploitation, attack strategies and methods, current information security technology and cyber threat mitigation tools.

  • Experience working with AWS cloud and SaaS infrastructure environment

  • Experience in Web Application Security protection, monitoring, and auditing. 

The full job description can be viewed here.