Software Application Cybersecurity Specialist (Perm in OTTAWA)
Hybrid in Ottawa West
MUST HAVE SKILLS
The Security team manages a security posture that summarizes key learnings from OWASP, CERT/CC, CWE/SANS, CIS, NIST, and from our own experiences.
- Familiar with CISA, NIST, OWASP, SCS9001, ISO27001
- Threat Modeling methods such as STRIDE
- Experience with security scanning tools and code analysis tools
SSDLC – Secure Software Development Lifecycle
- Experience across the full spectrum of the SSDLC, from planning to GA, and post-GA (Support phase)
- Experience with analyzing security findings (CVEs, pen test findings). Source of security findings:
- Scanning tools (Nessus, Qualys, Trivy, Black Duck, Coverity, and other tools)
- Understand and dissect a vulnerability (e.g. a CVE), and be able to debate with and convince a S/W developer of the importance of fixing it, explain how to mitigate it by other means while waiting for a fix, understand the risk, etc.