Senior Application Security Developer
We’re looking for a Senior Application Security Developer to help us straddle the worlds of cutting-edge information technology and a business that is at the forefront of innovative, explosive growth. The web application security development team is a business enabler that will be working to understand the technical risks of the application environment, translating that into tangible business risk, and arriving at a happy medium that allows the company to propel forward whilst remaining secure. While based in Hootsuite’s Vancouver or Toronto office, you will report to the Manager, Information Security.
WHAT YOU’LL DO:
- Lead vulnerability reviews and risk assessments for multiple highly complex environments.
- Perform code reviews using Static Application Security Testing (SAST) tools and triage the scan findings in the report.
- Take responsibility for the bug bounty process, including guiding the remediation efforts.
- Advise on the design and implementation of secure cloud infrastructure.
- Conduct threat modeling on complicated applications or services as part of the security review process.
- Organize and train developers on Secure Design and Coding practices.
- Provide operational support in the review and approval of access requests and security configuration changes.
- Help us implement a Secure SDLC by integrating Security throughout the development lifecycle.
- Review application architecture and business logic to identify flaws and provide solutions to remediate them.
- Work with development teams to ensure security testing objectives are met.
- Perform ad-hoc application penetration tests to determine security vulnerabilities.
- Work with other Information Security teams to ensure security risk and compliance objectives are addressed.
WHAT YOU’LL NEED:
- Degree or Diploma in Computer Science or Engineering, along with industry recognized certifications in cyber security
- Extensive experience, including at least a few years in one or more of the following roles: application security, network security, cyber security.
- Experience in microservice-based architecture with any of the Cloud Service Providers like AWS, Azure, GCP, etc. would be an advantage. Experience or knowledge of the Kubernetes environment will be an advantage.
- Thorough understanding of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities. Experience in providing solutions to and leading numerous security vulnerability remediation activities.
- Experience in performing penetration testing for applications both manually and using automated tools (commercial or open source) like Burp Suite, Nikto, Appscan, Veracode/Fortify, WebInspect, Skipfish, etc.
- Experience in penetration testing on mobile applications will be an advantage.
- Experience with Static Application Security Testing tools like Veracode, Fortify, etc.
- Very good understanding of networking and operating system concepts and technologies; prior experience as a developer of code would be an asset.
- Collaboration and Teamwork: works with others to deliver results, meaningfully contributing to the team and prioritizing group needs over individual needs
- Influence: Asserts own ideas and persuades others, gaining support and commitment and mobilizing people to take action
- Open Communication: clearly conveys thoughts, both in writing and verbally, listening attentively and asking questions for clarification and understanding.
- Customer Focus: demonstrates a desire to proactively help and serve internal/external customers in meeting their needs.
- Problem Solving: uses an organized and logical approach to find solutions to complex problems. Looks beyond the obvious to understand the root cause of problems
WHO YOU ARE:
- Tenacious. You are determined to succeed, and you are motivated by the success of customers, colleagues and the community.
- Curious. You are always learning and seeking ways to make things better.
- Conscientious. You keep your promises, taking your commitments to others seriously, and you have strong integrity.
- Humble. You lead with humility and empathy, respecting and learning from the perspectives of others.
In all we do, our six guiding principles light the way:
Step Up: Show the world what it looks like to live and work by these guiding principles. #StepUp
One Team: Make Hootsuite a place where everyone feels safe, welcome, valued, and empowered to do their best work without compromising who they are. #OneTeam #FreeToBeMe
Customer Obsessed: Focus relentlessly on helping our customers succeed. #CustomerObsessed
Go Fast, Be Agile: Widen our competitive advantage by committing to speed and simplicity over perfection and complexity. #GoFastBeAgile
Play to Win: Commit to building an incredible, profitable company for our customers, our employees, and our stakeholders. #PlayToWin #NoExcuses
Neighbours & Allies: Give back to our communities and be an ally. #SocialForGood #Allies
Accommodations will be provided as requested by candidates taking part in all aspects of the selection process.