On behalf of our client, Affinity is looking for a Security Developer to help secure products and corporate technologies. You’ll be working on identifying and recommending fixes for security bugs, design, develop and deploy security technologies, perform code reviews & penetration tests and provide advisory & guidance on security solutions. While based out of our Vancouver office you will report to the Director, Information Security.
Responsibilities
- Work closely with software development staff to develop tools and practices to support our client's Secure SDLC and controls framework
- Develop significant security engineering components from inception to production with minimal oversight and guidance
- Support the technical components of our incident response team by executing operational runbooks as required
- Support and advise the Production DevOps teams in the design and implementation of a secure cloud hosting platform
- Recommend and deploy tooling to manage security in the delivery pipelines as well as production systems
- Conduct security assessments of applications by doing code reviews and provide mitigation recommendations
- Perform penetration tests of applications using manual and automated methods to identify vulnerabilities
- Provide advisory on security bug remediation to development staff and other security staff
- Provide security awareness training to highly technical development and development operations staff
- Participate in security incident on-call rotation schedule
Qualifications
- Degree or Diploma in Computer Science or Engineering, along with cloud engineering certifications or willingness to obtain
- 3-5 years of experience with at least 1-2 years of experience in a similar role, and 2+ years of experience in one or more of the following roles - application architect, system architect, software developer, system administrator
- Prior experience as a software developer is an asset or having the ability to read and understand PHP, Scala and Golang source code
- Experience working in a cloud (preferably AWS) environment with CI/CD along with extensive familiarity with Unix / Linux based operating systems
- Solid understanding of application and database security concepts and architectural principles around authentication, authorization, session management, configuration management, data handling and cryptography
- Thorough understanding of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities
- Experience in providing solutions to and leading numerous security vulnerability remediation activities
- Specific experience in dynamic application security testing using techniques and tools like Burp Suite, Nikto, Appscan, Paros, Fiddler, WebInspect, Skipfish, etc.
- Collaboration and Teamwork: works with others to deliver results, meaningfully contributing to the team and prioritizing group needs over individual needs
- Creativity and Innovation: seeks new and better ways of doing things, generates original and imaginative ideas, products, or solutions
- Customer Focus: demonstrates a desire to proactively help and serve internal/external customers meet their needs
- Open Communication: clearly conveys thoughts, both written and verbally, listening attentively and asking questions for clarification and understanding
- Problem Solving: uses an organized and logical approach to find solutions to complex problems. Looks beyond the obvious to understand the root cause of problem
About Affinity:
Affinity is a full service Information Technology agency that takes a unique approach to recruiting. We believe recruiting is about creating long term relationships that foster a mutually beneficial partnership - an affinity. Bringing a new style of recruiting founded on four core principles – Transparency – Flexibility – Efficiency – Agility.
For more information on Affinity, please visit
www.affinity-group.ca