Job Posting Title: Solutions Designer – Level 3 – App Security Assessment
Location: Toronto, ON
Duration: 4 months
Our public sector client is looking for a Solutions Designer – Level 3 for App Security Assessment
The Solutions Designer will assess cyber security penetration test findings and security gaps, analyze exposed application code, and develop technical solution options to implement application-level or platform/infrastructure-level remediation for key Java, Lotus Notes and Oracle APEX applications; document and present solution options to IT and business stakeholders; and develop skills, effort and cost estimates for the remediation actions.
- Demonstrated experience assessing services or protocols vulnerable to internal or external attack, the effectiveness of firewalls or sensors, trivial (default or easily guessed) account credentials, weak encryption protocols, and vulnerable software versions, including custom-built internal applications running on an internal cloud.
- Experience in ethical hacking and vulnerability management: designing security controls to close vulnerability gaps and prevent exploitation, mitigating identified risks, and designing and leading validation (re-)testing after identified vulnerabilities have been remediated.
- Experience or practical knowledge of a variety of security assessments, including host-based (computer/image/server) security assessment, wireless spectrum security assessment, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Open Source Intelligence (OSINT) gathering, and full-spectrum attack simulation (red team exercises).
- Experience identifying and closing gaps or weaknesses in security architecture in order to mitigate known security threats and inherent weaknesses.
- Experience communicating and presenting technical information and solutions to client stakeholders in business terms (risks, threats and opportunities), and the ability to convince and influence multiple stakeholders of the security threats and risks and of the need for action and mitigation.
- Demonstrated experience liaising with IT stakeholders including Corporate Security, privacy specialists, architects, developers, DBAs and project managers, and the ability to communicate and interact with all of the above and form working partnerships.
- Extensive knowledge of current security and contingency technologies and techniques (e.g. digital signatures, encryption, access controls, firewalls, authentication, virus protection), and proven working knowledge of security audit protocols and procedures, including penetration testing and testing for SQL injection.
- Knowledge of and demonstrated experience with IT concepts and processes that affect the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture, technology architecture and data flows.
- Knowledge of and experience with multi-vendor, multi-datacentre system integration and the related security design issues, and expert knowledge of techniques for securing data transfer between disparate applications located in multiple data centres belonging to different cloud providers (e.g. API integration between two systems hosted by two different cloud service providers).
- Solid knowledge of IT industry security architecture, policies, procedures and standards for protecting business and IT assets, including SOC, CSA STAR and FedRAMP. Knowledge of OPS I&IT strategies, directives, policies and standards is preferred, including the GO-ITS Security Standards (GO-ITS 25.1 through 25.21 and 42) and the GO-ITS Standards for Architecture, Information, Technical, Enterprise Products and Networking.
- Comprehensive knowledge of Java/JEE, GIS, .NET and related multi-tiered I&IT technologies (e.g. JSP/Servlet, JEE, EJB, JNDI, JDBC, JMS, JPA, JAXB, JCache; Open Database Connectivity (ODBC); XML/XSL/XSLT; web services; Rational Application Developer (RAD), Rational Software Architect (RSA), WebSphere Integration Developer (WID), PowerDesigner; WebSphere ND, WebSphere Process Server, Enterprise Service Bus (ESB); Sun Solaris, Windows OS; VPN, PKI, LDAP; Oracle databases, DBMS, PL/SQL; the Zachman Framework; cloud computing) and related standards; extensive knowledge of state-of-the-art IT security management and of micro/mini and personal computer systems; and knowledge of emerging technologies.
- 3+ years of hands-on Lotus Notes experience, including HCL Notes/Domino application development for the Notes client (version 9.0.1); HCL Notes/Domino server commands; web services (SOAP/REST) in LotusScript, Lotus shell script and Formula language; and HCL Enterprise ETL, SQL and Designer.
- 3+ years of hands-on experience developing and maintaining applications in Oracle APEX version 18 and above.
- Thorough knowledge of large-scale, complex systems analysis techniques, methodologies and relevant architectures, including strong experience with Service Oriented Architecture (SOA) and related technologies; design of distributed applications; security design and implementation considerations; cryptography, authentication and identity management, and session management; Unified Modelling Language (UML) design artefacts and the Rational Unified Process (RUP) methodology; design and development; programming concepts and languages (including advanced knowledge of object-oriented analysis and design); internet/intranet technology; and emerging technologies.
- Conceptual skills, attention to detail and a results focus, plus analytical, evaluation and practical problem-solving skills, to develop technical design features and alternatives that effectively resolve identified problems and security gaps.
- Analytical and interpretive reasoning and problem-solving skills to identify, assess and coordinate the resolution of technical problems and security issues, conduct research, assess requirements and provide cost-effective solution estimates.
- Consultation and client relationship management skills to work co-operatively with project staff and client stakeholders to discuss application development methods, monitor and manage vendor contacts, and participate in various IT committees.
- Effective written and oral communication skills to prepare reports, technical memos and presentations, and to explain technical solutions to IT and non-technical internal and client stakeholders.