Purpose
Contributes to the overall success of the Application Security / Vulnerability Management Services in Canada, ensuring specific individual goals, plans, and initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
Accountabilities
- Champions a customer-focused culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
- Recommend, design, assess, implement, deploy, and maintain mobile application security tools required to protect Scotiabank and its customers.
- Develop and/or enhance the strategies and processes to identify, analyze, and communicate mobile application vulnerabilities as per the CISO Directives, technical standards, and published communication process flows.
- Adhere to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate identified risks.
- Develop and/or enhance strategies and processes to manage mobile application security vulnerabilities and threats for mobile applications.
- Develop and/or enhance communication model to manage mobile application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
- Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives.
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high-performance environment and contributes to an inclusive work environment.
Education
- A strong understanding of Mobile Applications and related platform vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
- 3+ years’ experience testing Mobile Applications
- Strong understanding of Mac and Linux operating systems
- Experience side loading mobile applications on both iOS and Android platforms
- Experience with jailbreaking and rooting both iOS and Android devices
- Experience with virtualization technologies such as Docker
- Must have the ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
- Good communication and support skills for triaging and resolving technical issues.
- Experience with scripting languages is essential (Python, Bash, PowerShell, etc.)
- Proven leadership delivering Enterprise secure software development, testing and validation capabilities and practices.
- Must have a comprehensive understanding of the HTTP protocols, SSL, Secure Software Development Lifecycle (SDLC) and mobile programming for mobile applications.
- Experience performing source code and/or mobile application security assessments, including risk assessments, and penetration testing. The ability to demonstrate exploitation of vulnerabilities is essential, as would be experience with vulnerability testing and scanning tools such as Burp Suite, NowSecure, MobSF, radare2, and Frida.
- CISSP and/or CISA designation beneficial but not required.
- CEH, OSCP, GMOB Certifications are considered an asset.
- University degree or college diploma, and a minimum of four (4) years equivalent security industry-related experience required.