Position Title: Technology Specialist, Information Security

Reports To: Senior Technology Manager, Information Security

Department: IT - Technology Risk and Governance

Term: Permanent Full-time

Work Arrangements: This is a hybrid role. You will work in our office in Waterloo, ON a minimum of two (2) assigned, consecutive days every other week, plus a fifth (5th) assigned day per month. You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.

The Opportunity: Don't miss the opportunity to join one of the Waterloo Area's Top Employer for 2025 and Southwestern Ontario's Top Employers for 2025!

The Application Security Specialist will play a vital role in strengthening our Application Security program and will be on the forefront of change leading the SecDevOps culture at Equitable Life of Canada. You will contribute by safeguarding our digital assets and ensuring the security of our applications, directly impacting our company's success and customer trust. You will provide technical leadership required to manage and reduce application security risks by taking ownership of the SecDevOps portfolio and establishing current and long-term direction by developing organization-wide security controls that integrate into our DevOps pipelines.


What you will be doing:

• Act as a subject matter expert on application security domains involving web and mobile platforms.
• Design and implement robust application security controls to protect against threats and vulnerabilities.
• Enforce secure coding standards across development teams based on industry-accepted best practices.
• Design and implement secure CI/CD solutions for development and production environments.
• Integrate and implement automated application security testing (DAST, SAST, RASP & IAST) for APIs, web, and mobile applications.
• Conduct periodic and on-demand manual penetration testing assessments of applications.
• Provide guidance on security requirements of application design based on industry best practices or internal policy.
• Perform system and application-level risk and vulnerability assessments.
• Collaborate with developers to understand and remediate security vulnerabilities to improve overall security posture.
• Nurture a training program/curriculum that provides Application Security training to software developers.
• Assist with code reviews to proactively identify potential vulnerabilities and follow-up with tooling to prevent future vulnerabilities.
• Provide timely and detailed reports with evidence of findings, risk analysis, guidance, and remediation instructions.
• Manage Auth0 for secure authentication and collaborate with development teams to integrate Auth0 in various applications.
• Facilitate security training sessions for developers to enhance their understanding of secure coding practices.
• Ensure security is considered at each stage of the software development process.
• Conduct regular assessments and audits to ensure compliance with SCLC standards.
• Provide training and guidance to development teams on using SNYK and StackHawk tools to identify and remediate vulnerabilities in applications. Integrate these tools into CI/CD pipelines to ensure continuous security testing.
  
  

What you will bring:

• A SecDevOps forward mindset with a high emphasis on solving problems via code and API forward approaches.
• A Bachelor's Degree in Computer Science, Information Systems, Engineering, cybersecurity, or related technical field; or equivalent experience.
• Possess or have an interest in pursuing certifications such as CISSP, OSCP, OSCE, GWAPT, GPEN, CEH, CompTIA Security +.
• Extensive knowledge of Application Security Risks - how they can be detected, exploited, and mitigated.
• Strong experience in DevOps development practices, CI/CD pipelines, and knowledge of orchestration platforms.
• Thorough understanding of modern software development practices.
• Strong expertise with cloud environments (AWS / Google Cloud / Azure).
• Programming/scripting experience (PowerShell, ASP, .NET, Python, Perl).
• Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation.
• Strong understanding of application design and architecture.

What's in it for you:

• A healthy work-life balance with employee wellness top of mind.
• Annual bonus program, annual vacation allowance, and company-paid benefits program.
• An additional paid volunteer day each year so you can spend time giving back to the community.
• Immediate enrollment in the company's pension program with employer matching.
• Employee resource groups that support an inclusive work environment.
• Tuition support and specialized program assistance.
• A company subsidized cafeteria with a variety of daily options.
• Discounts on company products and services, and access to exclusive employee perks.
• Regular EQ Together events focused on company togetherness and collaboration.

As part of the recruitment/offer process you will be required to:

• Provide two professional references (minimum one supervisor and above)
• Undergo a criminal background check.

This role is open due to an existing vacancy.

To learn more about Equitable, we encourage you to explore our organization.

At Equitable, we are committed to providing equal access to employment opportunities across our organization. Please contact our HR team at careers@equitable.ca if you would like to receive our job postings in an alternative format or require an accommodation with the application process.