Application Security Specialist

  • Full-time

Company Description

When you’re passionate about what you do and where you work, the rest comes easy. That’s the culture at Central 1 Credit Union, and that’s precisely what we’re looking for from you. Supporting nearly 150 member credit unions across British Columbia and Ontario, we’re the backbone of the credit union system in both provinces – taking care of everything from online services and product development, to payment processing, trade association services and more.

Our team of over 600 employees represent some of the most innovative, passionate individuals you’ll ever meet; people who honestly care about the organization, its members and each other. In other words, people who love what they do.

Job Description

The Application Security Specialist will have extensive experience in full-stack Java development, be comfortable articulating the principles of secure coding to the Development and Technology teams within Central 1, and enjoy identifying and remediating application vulnerabilities for breakfast. The ideal candidate is expected to improve the security posture of Central 1’s application portfolio not only through the direct application of their skills in threat modelling, secure coding methodology and application vulnerability testing, but also by educating others to build our Information Security capabilities across the organisation.

The ability to adapt to a varied audience and work well with others is a key component of this role, as project teams will rely on the resource’s experience and analytical skills to effectively identify and prioritize threats and to both suggest and coach the development of effective controls. In order to effectively report on and assess security capabilities, the ideal candidate will be responsible for maintaining and growing the penetration and application vulnerability testing program at Central 1. They should be familiar with commercial off-the-shelf testing tools such as vulnerability scanners and intercepting proxies, and be capable of writing exploits in a language of their choosing.

Additional responsibilities may include involvement in the implementation of new security solutions, leading in the creation of security architecture documentation and/or maintenance of policies, standards, baselines, and guidelines.

Responsibilities Include

Strategy & Planning

  • Facilitate Threat Modelling and Risk assessments at both a product and project level
  • Participate in the planning and design of enterprise security architecture, under the direction of the Information Security Manager, where appropriate.
  • Participate in the creation of enterprise security documents (architecture blueprints, policies, standards, baselines, guidelines and procedures) under the direction of the Information Security Manager, where appropriate.
  • Provide oversight and contribute to the design and deployment of application solutions within Central 1 to ensure they are carried out following industry standard best practices.

Acquisition & Deployment

  • Maintain up-to-date detailed knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Develop secure testing strategies for new application deployments.

Operational Management

  • Participate in investigations into problematic activity, triage vulnerable application components and validate fixes provided to mitigate existing vulnerabilities.
  • Provide a leadership role in the design and execution of vulnerability assessments and penetration tests.

Qualifications

Formal Education & Certification

  • University degree and 7 years of Information Technology-related work experience, ideally with 5 or more years spent working in a web application development function and 2 or more years working on application security
  • One or more of the following certifications is preferred:
    • (ISC)2 - CISSP, or CSSLP
    • GIAC - GSEC, GCIH, GCIA, GCFE, GWAPT or GPEN
    • OSCP, OSWP

Knowledge & Experience

  • Experience with threat modelling techniques such as STRIDE.
  • Experience with Java development including secure coding practices and building exploits to target weak code.
  • Experience deploying and supporting complex web application environments.
  • Experience with Web Application Security Testing.
  • Experience developing applications in the financial services environment.
  • Experience with two or more of the following scripting languages: Perl, Python, Ruby, Bash and PowerShell.
  • Detailed understanding of OWASP Top 10 and SANS Top 25.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Strong understanding of Windows, Linux, and Mac operating systems.
  • Familiarity with incident management, issue tracking systems, and ISO 27001.

Personal Attributes

  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into information security issues and products as required.
  • Ability to present ideas in a business-friendly and user-friendly manner.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment.

Work Conditions

  • 35-hour on-site work week with on-call availability as occasion requires.
  • Some occasional travel may be required.
  • Sitting for extended periods of time.
  • Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, and other computer components.

Additional Information

As much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.


Central 1 is committed to diversity and inclusion. If you have a request for a disability-related accommodation, we will work with you to meet your needs.


Reporting to: Information Security Manager, Infrastructure and Systems
Grade: F

Date Posted: November 20, 2017
Internal Applicants must apply by: November 27, 2017


*Unsolicited resumes from vendors will not be accepted for this or any position at Central 1*
**If you have issues or questions about the application process, please email humanresources@central1.com with a description of your problem**