Application Security Analyst

at  Charter

OVERVIEW:

Charter is currently seeking an experienced Application Security Analyst in Regina, SK starting October 2024. The ideal candidate will have 8+ years of Application and Information Security experience identifying, measuring, and mitigating risks related to application development and implementation of websites and applications in the private and/or public sectors. Experience with web protocols (i.e., HTTP, HTTPS, SOAP), and web technologies (i.e., HTML, JavaScript, XML, AJAX, JSON, REST) would be an asset. Previous experience with cybersecurity standards including OWASP Application Security Testing Standard and security testing tools would be an asset. Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker (CEH) is mandatory. Location: Regina, SK, Candidates must be able to work in Regina, SK for the duration of the project. Term: 12 months. Strong potential of extension.

QUALIFICATIONS AND EXPERIENCE:

• 8+ years of Application and Information Security experience identifying, measuring, and mitigating risks related to application development and implementation of websites and applications in the private and/or public sectors.
• Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker (CEH) is mandatory.
• Experience with web protocols such as HTTP, HTTPS, and SOAP.
• Experience with web technologies such as, though not limited to, HTML, JavaScript, XML, AJAX, JSON, and REST.
• Experience with cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard and security testing tools.
• Experience utilizing vulnerability scanning and analysis as part of a Risk Management Program.
• Experience in infrastructure risk identification, reporting, and mitigation.
• Experience in static and dynamic application security testing using automated tools and manual techniques.
• Experience evaluating Secure SDLC and DevSecOps programs to establish how to embed security activities within.
• Experience with cloud security and cloud-based application architecture and different deployment models.
• Experience with network infrastructure, routing, DNS, and web filtering.
• Experience with application development/coding security practices.
• Experience with the ISO 27002:2013/2022, or equivalent, code of practice for information security controls.
• Excellent communication (written and verbal) in English is required.
• Candidates must be able to work in Regina, SK for the duration of the project.
• Must be authorized to work in Canada.
• Note: Must be legally eligible to work in Canada. Unfortunately, we are not able to sponsor candidates.

• Utilize both automated and manual techniques to test security within applications.
• Perform application vulnerability assessments and penetration testing.
• Conduct security testing for web and mobile applications.
• Perform security testing on web services and APIs.
• Conduct code reviews on code developed by the AMS team when required.
• Analyze false positives/negatives and provide recommendations to developers.
• Protect all web applications using Web Application Firewalls (WAF).