Application Security Analyst
Job description
The client is looking for an Application Security Analyst to join the application security initiatives of the CSRM Branch.
The duties of the Application Security Analyst include, though are not limited to:
· Utilizing both automated and manual techniques to test security within applications.
· Performance of application vulnerability assessments and penetration testing.
· Responsible for web application and mobile application security testing.
· Responsible for security testing of web services and APIs.
· Performance of code reviews on code developed by the AMS team, when required.
· Performance of false positive/negative analysis and providing recommendations to developers.
· Responsible for protecting all web applications using WAF.
Requirements
Mandatory Qualifications/Requirements:
· M1 - Candidate must be a Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker.
· M2 - Candidate must be available to work 100 per cent on-site located in a Government of Saskatchewan office in Regina, Saskatchewan, Canada, upon contract start.
Scored Qualifications/Requirements:
· R1 - Local Knowledge
GOS is interested in understanding the Resource’s experience with GOS, or comparable entities, as it relates to the technical and business landscape.
(This requirement is heavily weighted.)
· R2 - Candidate should demonstrate achievements in Application and Information Security outlining that experience in the private and/or public sectors. Experience should clearly indicate success identifying, measuring, and mitigating risks related to application development and implementation of websites and applications.
(This requirement is heavily weighted.)
· R3 - Demonstrated working experience with web protocols such as, though not limited to, HTTP, HTTPS, and SOAP.
· R4 - Demonstrated working experience with web technologies such as, though not limited to, HTML, JavaScript, XML, AJAX, JSON, and REST.
· R5 - Demonstrated working experience with cybersecurity standards including the Open Web Application Security Project (OWASP), Application Security Testing Standard, and security testing tools.
· R6 - Demonstrated working experience utilizing vulnerability scanning and analysis as part of a Risk Management Program.
· R7 - Demonstrated working experience in infrastructure risk identification, reporting, and mitigation.
· R8 - Demonstrated working experience in static and dynamic application security testing using automated tools and manual techniques.
· R9 - Demonstrated working experience evaluating Secure SDLC and DevSecOps programs to establish how to embed security activities within them.
· R10 - Demonstrated working experience with cloud security and cloud-based application architecture and different deployment models.
· R11 - Demonstrated working experience with network infrastructure, routing, DNS, and web filtering.
· R12 - Demonstrated working experience with application development/coding security practices.
· R13 - Demonstrated working experience with the ISO 27002:2013/2022, or equivalent, code of practice for information security controls.
· R14 - Demonstrated achievement of an undergraduate degree in Computer Science or an equivalent combination of experience and education is considered an asset.