Information Security, Experience with security testing tools and methodologies, Knowledge of ISO 2700x, ITIL, and PCI-DSS
Job Description
Seeking a candidate for the position of Specialist - Application Security who will report to the Senior Manager, Infrastructure Security and will assist in the creation of an application security-testing program that will serve to improve the security posture of Information Technology Infrastructure applications, servers and network applications. The Specialist - Application Security will regularly conduct vulnerability and application security assessments, provide feedback on issues related to the execution of the program, assist with the creation of action plans, assist with the identification and tracking of risk remediation, provide advice on mitigation safeguards, processes and security best practices, and act as a spokesperson on security-related subjects.
Job Duties/Accountabilities:
- Knowledge of IT Governance, Risk and Compliance (GRC) tools and vulnerability reporting;
- Support the IT application security testing program;
- Ability to configure, implement, and maintain security testing tools as well as the configuration of data sources for metric reporting/tracking;
- Perform security testing of applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques;
- Collaborate with various internal Bell stakeholders as well as external partners;
- Produce security assessment reports and distribute to IT Support teams (for remediation);
- Ability to document and educate stakeholders on the findings;
- Ability to research, recommend, and implement changes to procedures and systems to enhance application and systems security;
- Provide feedback on operational and procedural documentation as required;
- Ability to serve as subject matter expert on IT security tools, policies, and controls;
- Take an active role in security-related audits and inquiries;
- Ability to keep up to date on the latest security regulations, advisories, alerts and vulnerabilities; and
- Serve as a supporting member of the Bell Infrastructure Security team as required.
Critical Qualifications/Competencies:
- Minimum of 5 years professional work experience in information security
- A security-based professional qualification is desirable (e.g. CISSP, CISM, CISA, OPST, CEH, GPEN)
- Experience with security testing tools and methodologies in conducting vulnerability and application security assessments
- Ability to analyze IT solutions and technology infrastructure to identify and assess security vulnerabilities, threats, and risks.
- A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles.
- Think analytically and synthesize technical information from various sources
- High level of personal integrity, and the ability to professionally handle confidential matters and demonstrate a high level of judgment and maturity.
- Excellent verbal and written communication, relationship-building, and influencing skills.
Preferred Qualifications/Competencies:
- Bachelor's degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent work experience
- Knowledge of ISO 2700x, ITIL, and PCI-DSS.
- Bilingual in French and English would be a strong asset.