Sr. Application Security Specialist-Java (GCS)

What is the opportunity?

Reporting to the Senior Manager of Application Security Transformation you would provide technical execution in the area of Application Security for the global RBC business and application development teams across all enterprise information technology groups. You will be participating in the development of application security best practices, tools, and processes. You will also help execute various application security projects across all RBC lines of business. This role will also require you to have a solid understanding of DevSecOps, CI/CD pipelines and various application security testing techniques such as SCA, SAST, DAST and IAST.

What will you do?

• Develop integration capabilities by partnering with the Enterprise DevOps team
• Develop automation for tools onboarding and security controls enforcement
• Support end users of a DAST tool managing tickets through a ticketing platform
• Review Dynamic application security testing reports and validate findings and false positives and assist developers in remediation
• Educate key organizational stakeholders (e.g. developers, security consultants, executives) on application security matters across the organization
• Assist in the development, evaluation, and implementation of application security controls and processes
• Work in a diverse environment leveraging other team members experience and knowledge
• Participate in and lead a range of application security assessment activities
• Ensure applications are thoroughly tested for security vulnerabilities using industry best practices before production release
• Research and keep up to date on application security emerging threats, techniques, tools and trends
• Develop metrics to measure the Security and Risk posture of RBC applications

What do you need to succeed?

Must have:

• A relevant degree or certificate in Computer Science a comparable field of study, or equivalent practical experience
• Knowledge of OWASP, SANS or other security-related frameworks
• Exposure to application security best practices such as secure coding, security testing techniques and Secure Software Development Lifecycle
• Experience developing and testing apps in any of the programming languages: Python, Java (preferred)
• Understanding of CI/CD, DevOps and DevSecOps approaches and experience working with DevOps tools
• Knowledge of SCA (Software Composition Analysis), SAST (Static Application Security Testing) & DAST (Dynamic Application Security Testing) tools
• Strong written and verbal communication skills
• Strong ability to manage client and stakeholder relations
• Ability to help and mentor junior members of the team
• Solid understanding of OWASP Top 10 Web & API

Nice-to-have:

• Experience working with SCA, SAST/DAST tools
• Understanding of GitHub Actions-based pipeline & GitHub Advanced Security tools
• Prior experience in leading Security Controls & Enforcement
• Experience working in a tool support role

Whats in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference in our communities, and achieving mutual success

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• Flexible work/life balance options
• Opportunities to do challenging work and take on progressively greater accountabilities

#LI-Hybrid

#LI-POST

#TECHPJ

Job Skills

Additional Job Details

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above