Position: Information Security Engineer
Location: Montréal, QC
Work Type: Onsite
We are seeking a motivated and skilled Security Engineer to serve as a champion, responsible for assisting ADM Teams in ensuring the secure execution of the Software Development Life Cycle (SDLC). As an integral part of the team, this Security Engineer will collaborate closely with various stakeholders across North America and work in partnership with IT teams locally and globally.
- Provide training and support to ADM teams in the areas of vulnerability analysis, management, and remediation.
- Drive the transformation and implementation of security tools to emphasize security in the early stages of the SDLC (shift-left approach).
- Effectively communicate project statuses, progress, and information to stakeholders and application teams.
- Educate team members on cybersecurity, covering code security, architectural security, and code quality.
- Assist application teams in adopting security-related tools.
- Document and establish best practices related to security tools.
- Create documentation on the use and types of vulnerabilities while facilitating user comprehension.
- Innovate and propose novel methods to enhance code security.
TRAINING AND OCCUPATIONAL EXPERIENCE:
- Profound expertise in the utilization of DevSecOps tools.
- A minimum of 3 years of hands-on experience with security scanning tools.
- 2 to 3 years of experience with DevOps toolchains and CI/CD pipelines.
- Proficiency in programming languages such as Java, C#, or TypeScript, with additional languages being advantageous.
SKILLS AND ATTRIBUTES:
- Proficiency in identifying and addressing vulnerabilities identified by SAST, SCA, and DAST tools.
- Competence in using security SAST, SCA, and DAST tools like Fortify, Checkmarx, NexusIQ, or OWASP plugins (Maven).
- Familiarity with DevOps toolchains and configuration management tools like Ansible, Jenkins, and Artifactory.
- Strong problem-solving abilities.
- Effective communication skills for conveying solutions to individuals at various levels and in different roles within the organization.
This role necessitates a candidate with a strong background in security, development, and DevOps practices.
The primary objective is to secure the software development process and promote a security-centric culture throughout the organization. Effective communication and the ability to educate others about security practices are equally essential. Additionally, proficiency with specific security tools and programming languages is anticipated.