Position: Cyber Security Specialist – Platform Team
Location: Richmond Hill, ON
An ideal candidate is a hands-on self-starter with 5+ years of experience in software with a focus on security. This role will require wearing many hats, from creating corporate policies to code reviews/audits in a Microsoft software shop. The candidate should have a deep understanding of the security needs of designing and implementing enterprise-grade N-Tier Web Applications designed for high performance, scalability, security and reliability.
Degree in Computer Science, Software Engineering or a comparable university level program.
At least 5 years’ experience developing production web applications (any platform).
1. Transition our SaaS product from using a cloud-based PCI platform to being PCI-DSS level 1 certified. Maintain PCI DSS compliance going forward.
2. Create and lead a PCI compliance team that spans various departments.
3. Contribute to product backlog with security stories. Establish Security and Privacy Requirements. Create threat models that can be used to define requirements.
4. Provide a security-focused voice to user stories during planning meetings.
5. Provide first-line subject matter expert advice on pervasive information security standards, policies and processes, world-class information security standards and major regulations in the industry.
6. Audit the current system, looking for security weak points in both code and infrastructure.
7. Penetration testing.
8. Attack surface analysis/reduction.
9. Work with clients/Project Management team to determine security best practices.
10. Contribute to strategies and policies related to security, security operational planning, incident response plans, risk mitigation and business continuity planning.
11. Train developers/QA on how to look at the system from a security point of view.
12. Risk assessments/code audits/reviews for security issues. Must be able to understand web architecture for C#/.Net.
a. Perform static analysis and propose changes based on results.
b. Determine and push for adoption of security tools by the team.
c. Look for unsafe functions to be deprecated.
13. Implement software/architectural changes related to security issues in a web-based, C#/.Net environment.
• Experience in assessing and moving a company/product to become PCI compliant.
• A background in Microsoft-based software, preferably ASP.Net/C#.
• Experience with security software tools such as Metasploit, Nessus, Nikto, BeEF, Backframe Attack Console.
• Experience with code auditing tools such as FxCop.
• Knowledge of the Microsoft Windows Server platform, including IIS, WCF, COM+ and MSMQ.
• Knowledge of Microsoft SQL Server.
• Excellent verbal and written communication skills.
• Must be able to explain security concepts to non-technical users such as customers and internal stakeholders.
• Experience with other eCommerce Products, Order Management Systems (OMS), etc.
• Experience with payment gateways or other systems that interact with credit card information.
• A security designation such as Certified Ethical Hacker is desired.