
Title:  Senior Lead Mobile Application Security




Requisition ID: 188280

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.



Contributes to the overall success of the Application Security / Vulnerability Management Services in Canada, ensuring specific individual goals, plans, and initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.




  • Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  • Recommend, design, assess, implement, deploy, and maintain mobile application security tools required to protect Scotiabank and its customers.
  • Develop and/or enhance the strategies and processes to identify, analyze, and communicate mobile application vulnerabilities as per the CISO Directives, technical standards, and published communication process flows.
  • Adhere to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate identified risks.
  • Develop and/or enhance strategies and processes to manage mobile application security vulnerabilities and threats for mobile applications.
  • Develop and/or enhance communication model to manage mobile application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
  • Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation relative to established objectives.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
  • Champions a high-performance environment and contributes to an inclusive work environment.



  • A strong understanding of Mobile Applications and related platform vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
  • 3+ years’ experience testing Mobile Applications
  • Strong understanding of Mac and Linux operating systems
  • Experience side loading mobile applications on both iOS and Android platforms
  • Experience with jailbreaking and rooting both iOS and Android devices
  • Experience with virtualization technologies such as Docker
  • Must have the ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
  • Good communication and support skills for triaging and resolving technical issues.
  • Experience with scripting languages is essential (Python, Bash, PowerShell, etc.)
  • Proven leadership delivering Enterprise secure software development, testing and validation capabilities and practices.
  • Must have a comprehensive understanding of the HTTP protocols, SSL, Secure Software Development Lifecycle (SDLC) and mobile programming for mobile applications.
  • Experience performing source code and/or mobile application security assessments, including risk assessments, and penetration testing. The ability to demonstrate exploitation of vulnerabilities is essential, as is experience with vulnerability testing and scanning tools such as Burp Suite, NowSecure, MobSF, radare2, and Frida.
  • CISSP and/or CISA designation beneficial but not required.
  • CEH, OSCP, GMOB Certifications are considered an asset.
  • University degree or college diploma, and a minimum of four (4) years equivalent security industry-related experience required.



Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Job Segment: Testing, Technical Support, Investment Banking, Risk Management, Corporate Security, Technology, Finance, Security