At Kinaxis, who we are is grounded in our common belief that people matter. Each one of us plays an important part in accomplishing our work, building our culture and making a global impact.
Every day, we’re empowered to work together to help our customers make fast, confident planning decisions. This is how we create a better planet – for each other, for our customers and for generations to come. Our cloud-based platform RapidResponse ensures that the products we need – everything from medicine and cars, to day-to-day items like toothpaste – make it to market and into our hands when we need them with minimal ecological footprint.
We make the world better, and you can too.
Job Title: Application Security Analyst
(Ottawa, Ontario, CA - Hybrid; other North American Locations - Remote)
About the role
Reporting to the Senior Director of Global Information Security, the Application Security Analyst is responsible for identifying and remediating security-related flaws across Kinaxis’ software applications and digital services, to promote a secure posture, and to conform these systems to the information security standards and policies.
As a strong collaborator and team player, the candidate will partner closely with stakeholders across the business, including from Corporate IT, Cloud Services, Product Development, and technology partners to contribute to the implementation of adequate security solutions and controls. The candidate will also mitigate cyber risks, respond to incidents, and produce evidence for regulatory requirements, with the goal of achieving business objectives.
As a key player in the development, implementation and maintenance of a company-wide information security infrastructure, the candidate will partner with stakeholders to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance within the context of risk tolerance for both cloud and on-premise environments.
What You Will Do
- Identify information security risks at the application level, at each stage of development, and proactively work to ensure that risks are identified, assessed and mitigated across the business.
- Integrate static and/or dynamic code analysis tools into the SDLC
- Build a governance process for Software Developers to execute secure development principles and best practices (e.g. OWASP Top 10).
- Arrange or conduct vulnerability and penetration tests against defined systems.
- Identify and propose key application security priorities, initiatives, plans, practices and tools.
- Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and provide recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
- Collaborate across the company to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.
- Monitor application security trends and evolving technologies and keep senior management informed about related application security issues and implications for the Company.
- Participate in the Security Incident Response Process
- Assist with disaster recovery and business continuity planning
- Perform technical risk assessments and reviews of new and existing applications and systems
- Assist with emergencies and incident response after hours should the need arise
What You Should Have
- Education background in Information Security, Computer Science, Information Management Systems, or equivalent.
- 4+ years of experience identifying and mitigating risks to software applications; high-tech, global environment preferred
- Technical skills relevant to Application Security such as secure coding standards, application security testing, Java programming, ethical hacking techniques, cloud security architecture, vulnerability and threat management
- Hands-on experience with vulnerability management and penetration testing tools (e.g. NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, Metasploit, etc.)
- Two years of hands-on experience in Information Security Auditing.
- Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. some of SSAE16, SOC 2, C5, PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO27000, CobiT, ISF, OWASP, ITIL, ATT&CK)
- Strong written and oral communication skills
- Some relevant certifications, such as CASE, ASVS, CISSP.
- Bonus if you have a published CVE discovered by you.
- Successful candidate must be able to fulfill all security and confidentiality thresholds for this position (criminal background check)
What we have to offer
- Challenging Work - We love solving highly complex problems. And as the global leaders in our industry, we never stop innovating—our work is never “done.” That’s because across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they’re passionate about.
- Great People - We take our work seriously, but we don’t take ourselves too seriously! It’s in our DNA to celebrate, laugh, and have fun. We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success.
- Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large.
- Diversity, Equity and Inclusion - Diversity, equity and inclusion are more than words to us. They are the guiding principles for building a culture where we celebrate each other’s differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen.
For more information, visit the Kinaxis web site at www.kinaxis.com or the company’s blog at http://blog.kinaxis.com/ .
Kinaxis strongly encourages diverse candidates to apply to our welcoming community. We strive to make our website and application process accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at email@example.com . This contact information is for accessibility requests only and cannot be used to inquire about the status of applications.