Sr Security Consultant Product Security Full-time Job

Dec 3rd, 2023 at 02:06   Information & Cyber Security   Toronto   145 views Reference: 18
Job Details

The role will support the manager of DevSecOps within TELUS Health Chief Security Office in leading the engineering of security at scale within the secure software development cycle, representing CSO.

This individual contributor role will help assess each product's security maturity through consultation, select and implement security controls within their pipelines (WAF, SAST, DAST, IAST, SCA), and act as an SME for validating security vulnerabilities and remediating those findings. This individual will act as a product security evangelist and contribute substantially to the development and implementation of the security champion program. The individual will also be involved in promoting security awareness, disaster recovery planning and testing, corporate security policy maintenance and enforcement, and threat and risk assessments.

Working as a partner to the product teams and TELUS Health Cloud program, this role will drive the adoption of secure Cloud and application security within the pipelines and processes of the product.

Provide training and awareness sessions to application development teams, highlighting the benefits of web application layer protection services, and demonstrating exploitation of confirmed security vulnerabilities

Perform comprehensive Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) to identify vulnerabilities

Review security scan results and work closely with the development team to prioritize security vulnerabilities using a risk-based approach

Identify vulnerabilities and weaknesses through web and mobile application security assessments, code reviews, threat modeling, vulnerability scanning, and manual application penetration testing

Provide actionable recommendations and guidance to improve the security posture of applications and their supporting technology infrastructure

Collaborate with stakeholders to develop and enhance security policies, procedures, and risk management strategies

Lead key security initiatives, manage projects, and work collaboratively with cross-functional teams

Work across product teams to integrate security into the SDLC / CICD pipeline by considering security at each step. Extend security into the design, developer environment (IDE), software composition analysis, static assessment, and dynamic assessment as part of the local CICD pipeline

Drive consistency of control and solution across the tooling applied within each product team. Whilst a single solution will not always be desirable, seek out consolidation where possible and ensure all solutions have consistent levels of security

Identify, justify and promote the use of shared security services or patterns (e.g. Web Application Firewalls) that can deliver consistent security protection without impeding local product agility or effectiveness

Ensure product development teams have the right level of security expertise to operate their aspects of the security operating model

Work with the SecOps team to define response playbooks for application security incidents, and seek out automation for common events to ensure sustainable T1/T2 operation

Work with the SecOps team to define the runbooks for application security tooling operated by the CSO team, ensuring sustainable security operation across TH’s portfolio of applications

Responsibilities

Provides leadership in technology development and supports activities including business requirements definition, design, quality assurance, implementation and technical support

Manages delivery of assigned tasks using project management discipline

Works independently with minimal supervision

Participates in secure SDLC and technology integration projects using security technology tools and techniques

Sets high standards for own work and ensures high quality outcomes are achieved

Prepares project estimates and schedules of project activities as required

Sets realistic and achievable expectations for deliverables

Ensures effective work habits including punctuality, responsiveness and accessibility to others

Coaches and mentors more junior staff members within the IT Group as required

Provides timely feedback to team members on matters related to technology development and team interaction

Works effectively as a member of the TELUS Health CSO

Promotes teamwork and collegiality in the work environment

Observes the corporate values of TELUS Health

Promotes TELUS Health as the service provider of choice in the industry

Attends internal training sessions to build knowledge of industry topics and trends

Assists incident response and remediation, special projects and other tasks, as required

Understanding of regional privacy requirements (GDPR, Australian, Chinese, US, Canadian privacy laws)

Managing an enterprise SIEM solution

Able to manage a vulnerability assessment platform (web application and infrastructure) and supplement it with penetration testing

Writing scripts in at least one scripting language (Python, PowerShell, Linux command line etc.) for discovery and auditing purposes

Qualifications

What you bring

University degree or equivalent industry experience

Strong communication, presentation, and relationship skills, especially the ability to articulate technical topics

Knowledge of security and industry standards (e.g., ISO, NIST, ITIL, etc.)

Knowledge of and practical experience with any of the following: OWASP Top 10, OWASP Web Security Testing Guide (WSTG), OWASP (Mobile) Application Security Verification Standard (MASVS/ASVS), BSIMM, and OpenSAMM

CISSP, CCSP, CRISC or similar cloud certifications are preferred

Practical Cloud security experience with appropriate certification spanning GCP and either AWS or Azure

Experience working on enterprise Cloud services deployments (SaaS, PaaS, IaaS) and an understanding of the security challenges involved in Cloud migration, adoption and operation

Experience deploying and migrating to/from private Cloud environments

Experience with virtual machine management, container orchestration, API management and secure use of serverless technologies

Knowledge of application security, software development with security concepts, and integration of security into development pipelines

Experience across SCA, SAST, DAST, and IAST

Experience working with proxy intercept tools such as Burp Suite Pro or OWASP ZAP

Integration experience across pipelines and orchestration tools such as Jenkins, source repositories (e.g. GitHub, Bitbucket etc.), Integrated Development Environments, and testing tools

Experienced with agile delivery teams and environments

Experienced working in a DevOps / SRE operation

Experience with application security capabilities including Web Application Firewalls, DDoS mitigation, Bot prevention, and associated threat management controls

Familiarity with pipelines, automation and scripting

Performed threat modeling and design reviews assessing the security implications and requirements of introducing new technologies (e.g. STRIDE)

Performed security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks

Nice to haves

Professional security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and others

Industry-recognized certifications would be an asset (e.g., OSCP, OSWE, ECDE, Burp Suite Certified Practitioner, GWAPT, eWPT, GMOB, eMAPT etc.)

Experience within a regulated business environment

An insatiable appetite for modern and emerging technologies and tools

#LI-REMOTE

Midpoint Base Salary:  $120,000

Performance Bonus or Sales Incentive Plan:  15%

Actual total compensation can be above or below the listed pay, based on knowledge, skills, performance and experience.

Company Description
A bit about us
We're a people-focused, customer-first, purpose-driven team that works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world.
You'll find our engaging, high-performance culture personally fulfilling, professionally challenging, and financially rewarding. We're committed to diversity and equitable access to employment opportunities based on ability. Your unique contributions and talents will be valued and respected here. When you join our team, you're helping us make the future friendly.
