DevSecOps Specialist leading Secure-SDLC initiatives and application security projects at Marsh. Collaborating with teams to enhance security practices and tool integrations.
Responsibilities
Lead initiatives related to DevSecOps and Secure-SDLC.
Enhance the company’s Secure Software Development Lifecycle (Secure-SDLC), which in turn will reflect the company’s Application Development Security Policy.
Select and standardize application security tools, including vendor/tool assessments and full POCs.
Integrate Secure-SDLC requirements and other security policies/requirements into the DevSecOps processes.
Define and enhance application security requirements and standards, which must be designed for agile development methods and cover traditional application architectures as well as cloud architectures and container workloads.
Advise application security leadership on best practices and standards for application security tools, with a main focus on shift-left: create predictable CI/CD pipeline processes and enable application teams to develop new capabilities securely and free from security defects, by design.
Assess the security tools and related processes currently used within the various Software Development Life Cycle processes to identify improvement opportunities and rationalize the tool set.
Select new application security tools, including vendor/tool assessments, and conduct full POCs to prove that the security solutions/products are fit-for-purpose and fit-for-use.
Draft documentation for the Secure-SDLC and DevSecOps frameworks to illustrate the frameworks and their process guidelines to internal customers, ensuring the style is palatable and easy to navigate.
Assess the impact of new publications from the security industry (e.g. NIST 800-XXX, ISO 2700X:2022, etc.) on the company’s AppSec programs.
Research new trends and advise application security leadership on their impact as they relate to currently used tools, the tool chain roadmap, and the efficiency and effectiveness of current processes.
Promote secure coding standards and all related processes.
Promote the priorities set forth by the Global Information Security function and the roadmap set forth by Global Application Security.
Automate and integrate security scan and analysis tools into the DevSecOps pipeline.
Requirements
5+ years of DevSecOps and Secure-SDLC work experience
CISSP, CSSLP, cloud security, DevSecOps automation, or a similar certification is required
Post-secondary education or equivalent experience as a DevSecOps Engineer
Develop/enhance and implement the Secure-SDLC framework
Design, implement, and rollout DevSecOps automations and tool chain
Implement sensors to collect data on key metrics for statistics and reporting
Serve as the subject matter expert in Secure-SDLC and DevSecOps
Advise on the processes and standards that are designed to implement a company’s Application Development Security Policy
Experience in designing Secure-SDLC processes and relevant tooling to support the processes
Experience with software/application analysis tools such as SAST, DAST, SCA, threat modeling, supply-chain, etc.
Technical hands-on experience automating and integrating security scan and analysis tools into the DevSecOps pipeline.
Experience in one or more programming languages
Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE)
Senior Red Team Operator executing Red Team and Purple Team operations in Canada. Delivering scenario-driven operations in a continuously evolving cybersecurity landscape.
Director of Access Request Control at RBC establishing a framework for access request compliance. Collaborating across teams to streamline access and audit processes.
Product Owner driving an evolving proactive security services portfolio across Risk Advisory, Application Security, and Cloud & AI Security. Collaborating with technology stakeholders to deliver high-value outcomes.
Loss Prevention Home Office Security Coordinator ensuring workplace safety and security for TJX Canada. Responsible for day-to-day monitoring and crisis management as a first responder.
Manager of Global Security and Safety at Genetec leading global security programs and protecting physical assets. Collaborating with executive leadership to implement risk-based security strategies.
Consultant managing complex cybersecurity projects remotely for Optiv in Vancouver. Establishing relationships and leading technology deployment in business continuity and resilience.
Product Manager directing the product roadmap and execution for OCIANA capabilities. Collaborating with stakeholders to enhance maritime security and operational decision-making.
Principal Business Information Security Officer at LastPass leading risk advisory and governance processes. Driving cross-functional collaboration to ensure scalable security frameworks in a competitive environment.
Cybersecurity Generalist role at PwC focusing on security solutions and cybersecurity practices. Leading projects and mentoring team members while identifying opportunities for the firm’s success.