We are looking for a Cyber Security Architect with mobile experience to assist in executing an application penetration testing program that will improve the security posture of Information Technology Infrastructure applications, servers, and network applications. The successful candidate will conduct vulnerability and application security assessments, provide feedback on issues, create and deliver action plans, assist with identifying and tracking risk & remediation, and provide advice on mitigation safeguards, processes, and security best practices.
Cyber Security Architect
Assignment Length: 12-month contract
Assignment Starting: June
# Of Openings: 1
Top skills for Cyber Security Architect:
- Minimum of 5 years of professional work experience in Application security
- Application penetration testing including Mobile, Web, API
- Source code review, preferably in the Java, Kotlin, Objective-C and Swift programming languages
- Threat modelling
- A good understanding of enterprise application development using programming languages such as Java, Kotlin, Objective-C and Swift.
- Working experience in agile environments as part of the DevOps team with an excellent understanding of the CI/CD pipeline.
- Good understanding of SAST tools such as Checkmarx and Fortify, and DAST tools such as NowSecure, Burp and AppScan.
- Must have a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g., OWASP, NIST publications, and SANS/CWE.
- Must know how to set up a mobile pen-testing platform (jailbreaking, rooting the device, setting up Cydia) and be hands-on with manual security testing.
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
- Security-based professional qualification desirable (e.g., CISSP, CISM, CISA, OPST, CEH, OSCP)
- Bachelor’s degree in a technology-related field or the equivalent work experience
- Knowledge of operating system internals and operations
- Knowledge of offensive and defensive security operational tactics.
- Understanding of industry frameworks such as NIST, MITRE ATT&CK, OWASP, PCI-DSS, ITIL and other compliance frameworks.
- Bilingualism in French and English would be an asset (not required).
As the Cyber Security Architect, you will be responsible for:
- Execute security assessments for multiple agile projects simultaneously and ensure project timelines are met.
- Perform application security testing on applications such as mobile (iOS/Android), web, APIs (REST/SOAP/microservices), thick clients, etc., inclusive of the supporting infrastructure components.
- Utilize Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), and Component Vulnerability Management (CVM) tools such as Checkmarx and Contrast to uncover additional vulnerabilities during Dynamic Application Security Testing (DAST).
- Call on a deep understanding of the OWASP Top 10 and CWE 25, and experience in implementing remediation strategies.
- Deep knowledge and experience using SAST, DAST and Open-Source Vulnerability Scanning tools.
- Leverage application artifacts such as business requirements, user stories, design documents, architecture documents, and others to understand the scope of the agile review.
- Create targeted security user stories and misuse cases to execute during the agile review by performing threat modelling.
- Collaborate with application teams to promptly remediate any identified security vulnerabilities.
- Have the ability to read and understand application source code to provide specific recommendations for the identified vulnerabilities to application teams.
- Have solid technical writing and presentation skills to report and articulate security vulnerabilities to technical and non-technical audiences.
- Working knowledge of Governance, Risk and Compliance (GRC) tools as well as collaboration tools such as JIRA and Confluence.
- Perform security testing of applications, networks and infrastructures, including vulnerability assessments, manual testing techniques and penetration testing.
- Produce security assessment reports and distribute them to IT Support teams (for remediation).
- Ability to research, recommend and implement changes to procedures and systems to enhance application and systems security.
- Ability to keep updated on the latest security regulations, advisories, alerts and vulnerabilities.
Don’t miss out on this opportunity. Apply online today!
Eagle is an equal opportunity employer and will provide accommodations during the recruitment process upon request. We thank all applicants for their interest; however, we will only be contacting candidates with the required skills. Please note that your application does not signify the beginning of employment with Eagle. Work with Eagle will only commence when placed on an assignment as a temporary employee of Eagle.