
iimjobs

11/06 Sachin Sharma
Leader - Technology Hiring at Sunlife.com


Sunlife - Principal Application Security Designer (12-15 yrs)

Gurgaon/Gurugram Job Code: 827697

Role Summary :

- This role is for an Application Security Designer in Sun Life's Information Technology organization. The successful incumbent will develop, grow and manage our application security program and capabilities, focusing on reducing risk in our software delivery processes across the enterprise.

- The role requires collaboration with various Enterprise Application & Infrastructure teams to bring security controls across the entire SDLC, including source code scanning & testing, remediation guidance, threat modeling, and enabling automation to continuously test and improve the efficiency of Sun Life's application portfolio so that it serves clients in a secure manner.

- Design thinking and an engineering mindset need to be applied to develop solutions that implement security controls across environments and the software development life cycle, detect failing controls and enable shift-left security. The team, which consists of application security engineers, supports application security for the Canada & Asia business in production & non-production environments; technical consultancy & mentorship need to be provided to deliver the expected outcome.

Core Responsibilities :

- Define application security best practices to ensure compliance with enterprise security directives and industry standards

- Collaborate with stakeholders in the Application and Security teams to ensure successful selection, implementation and support of security products and tools.

- Mature every aspect of a comprehensive software security program, including the following:

- Implementation of security test tools and processes in the SDLC

- Automation and integration of security reviews and verification steps in the CI/CD pipeline

- Developer education and training to ensure developers have the right level of defensive coding and threat modeling skills to successfully deliver secure code.

- Design security solutions for web/mobile apps to present a holistic security posture at enterprise scale

- Interface with application designers, developers, information security, enterprise infrastructure and testing teams to deliver high quality solutions for remediating application security issues

- Relationship management with security vendors through the end-to-end lifecycle (PoC, acquisition, implementation, operations)

- Drive a Dev-Sec-Ops approach, ensuring integration and automation of security processes in software development and operations

- Serve as Application Security point of contact to divisional and/or shared service leadership & various business markets

- Ability to seed new capabilities in the team and evolve the security maturity model.

Mandatory Skills :

Technical:

- Expert familiarity with OWASP Top 10, SANS Top 20 and prevention/remediation techniques

- Experience with security-scanning tools (SAST, DAST, IAST) and techniques

- Core experience in Java and Microsoft technology (.NET) development and support

- Experience with common scripting and compiled languages including C#, Java, JavaScript, Python, PowerShell

- Ability to fully support application security maturity in all phases of the SDLC

Behavioral:

- Excellent communication (both verbal & written), collaboration and relationship-building skills.

- Demonstrated initiative, creativity & ability to influence

- Client focused mindset - exceed the expectations of our internal and external customers

- Strong interpersonal, communication, motivational, organizational and planning skills

Preferred:

Certification :

CISSP (Certified Information Systems Security Professional) and/or CISA (Certified Information Systems Auditor) designation and/or CEH (Certified Ethical Hacker)

This job opening was posted a long time back. It may not be active, nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
