Job Matching
Let us search jobs for you based on the skills and experience listed in your profile.
Information Security Advisor – Threat Modeling
Apply now Job ID 10547049 Date posted 01/15/2019Primary Locations: Montreal, Quebec, Toronto, Ontario
Employee Status: Regular
Schedule: Full-time
Description:
We're looking for new talent to expand our security team. We live in a digital world where daily changes require us to be pragmatic, agile and proactive in the way we approach opportunities, technologies and processes from a security standpoint.
If you'd like to:
- Influence change
- Have input in information security
- Join a dynamic, innovative team
- Explore new ideas
If you can:
- Carry out threat modeling to assess architectural risks
- Facilitate and support threat modeling exercises, architecture review and attack scenario analyses
- Exercise your judgement regarding existing policies and security best practices
We want to hear from you!
Ways you can make a positive impact in our organization:
- Facilitate and support threat modeling exercises, architecture review and attack scenario analyses
- Have a good understanding of software security architecture and design to identify and recommend improvements in internal methodologies and processes
- Integrate threat modeling practices in the systems development life cycle (covering agile mode as well)
- Be able to provide tactical and strategic direction as well as detailed remediation guidance to help technical teams achieve acceptable security postures
- Participate in complex projects and provide threat modeling and risk reports
- Ensure that risk considerations are addressed at each stage of the system development life cycle
- Communicate with technical and non-technical professionals
- Inspire a positive work environment and help as a champion, innovator, team player and team support
Qualifications:
- A completed bachelor's degree in a related field plus 7 years of relevant experience, or a completed master's degree in a related field plus 5 years of relevant experience
- Professional certifications (e.g. CISSP), an asset, or willingness to obtain certification quickly
- 3-5 years of information security experience
- Minimum of 1-2 years of threat modeling experience; understanding and use of threat modeling tools is an asset
- Experience assessing risks and analyzing vulnerabilities
- Good understanding of the field of information control, including authentication, authorization, access control, audit, cryptography
- Good understanding of software development processes, integration of security assessments into the systems development life cycle (SDLC), and OWASP guidelines for application security
- Good understanding of Web application vulnerabilities as well as business logic vulnerabilities and threats
- Hands-on, in-depth understanding of the architecture of infrastructure components, applications and related technologies (Web applications, mobile technology, identity management, access management, AD)
- Bilingualism both spoken and written - English and French
We strive to be an inclusive organization where all employees are valued. National Bank stands out for its many initiatives to promote inclusion, making it a Canada-wide leader in diversity.
#LI-SL1