Share this Job

Information Security Developer

Date: May 15, 2019

Location: Toronto, ON, CA

Company: Scotiabank






Requisition ID: 62277


Join the Global Community of Scotiabankers to help customers become better off.

Vulnerability Management Services has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.


The Information Security Developer is responsible for supporting the Senior Manager, Directors, VP, SVP and CISO in achieving IS&C strategic goals through various processes including:

  • Develop and/or enhance strategies and processes to manage vulnerabilities and threats for transactional, marketing and informational web sites.
  • Develop and/or enhance the communication model to manage vulnerability remediation with support teams on behalf of the business owner.
  • Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives.
  • Recommend, design, assess, implement, deploy and maintain vulnerability controls required to protect Scotiabank and its customers.
  • Develop, integrate and provide infrastructure support for various Vulnerability Management Systems including Fortify, WebInspect Enterprise, Software Security Centre, Configuration Compliance Manager, IP360 and Tripwire Enterprise.
  • Comprise, implement and streamline technical integration strategies for IS&C systems into Global Accelerator Pipelines and the SDLC.
  • Design technical strategies and processes to manage vulnerabilities and threats for transactional, marketing and informational systems.
  • Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
  • Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.



  • 5+ years’ experience with full stack Java / J2EE developing Multi-tier Web Applications, Web Services and Web API’s using Spring or other Java-based frameworks.
  • Experience implementing Continuous Integration and Continuous Delivery pipelines with Jenkins (DevOps / SecOps).
  • Experience provisioning, integrating and leveraging relational databases (MSSQL, MySQL, PostgreSQL, Oracle).
  • Experience with Node.js and JavaScript.
  • Experience within an Agile development environment utilizing JIRA
  • Experience with business intelligence, data analytics and reporting tools (e.g. Power BI, Cognos, Tableau).
  • Experience with Static Application Security Testing Tools with Fortify.
  • Experience with Dynamic Application Security Testing Tools with WebInspect.
  • Experience in data migration or batch processing with Python.
  • Must have the ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
  • Good communication and support skills for triaging and resolving technical issues.
  • CISSP and/or CISA designation beneficial but not required.

Location(s):  Canada : Ontario : Toronto 

As Canada's International Bank, we are a diverse and global team. We speak more than 100 languages with backgrounds from more than 120 countries. We value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Job Segment: Developer, Information Security, Bank, Banking, Technology, Security, Finance