Application Security Analyst – Digital Nova Scotia – Leading Digital Industry

Application Security Analyst

Digital Health Technology team powers digital experiences and engagement to enhance the lives of millions of people every day through connected care. We build, deliver and manage a portfolio of data management platforms and mobile offerings in support of our core businesses. We thrive on simple and elegant architecture and agility. You’ll be immersed in a dynamic high-growth environment and empowered to excel, take informed risks, and drive ingenuity across the enterprise.

Core Responsibilities

The roll of the Security Analyst is to help lead and mature the security posture of ResMed’s applications and services. This will be accomplished by leading and supporting the security testing and vulnerability management space, working in tandem with our team of Security Engineers to design solutions with an emphasis on automation and clarity. We are a full stack & full cycle team, which means we can creatively engineer solutions and implement them rapidly.

Application & Vulnerability

  • Application security expert – help our team roll out static analysis, SCA, DAST tools and CI/CD integration.
  • Application security: assist teams with source code assessments, opens source risk management processes.
  • Lead penetration testing engagements.
  • Identify, map out and implement process automation opportunities, with focus on DevSecOps.
  • Enabling automated security testing as part of delivery pipelines.
  • Work as part of a full cycle team to deliver, manage and support Product Security solutions and tools.
  • Vulnerability analytics, automation and reporting

Governance:

  • Vulnerability analytics, automation and reporting
  • Governance as Code.
  • Audit response and engagement management.
  • Risk governance and compliance monitoring

Skills & Experience:

  • 5+ years experience in application security and vulnerability management.
  • 3+ Software development experience: must have had prior experience in Web or Mobile application development.
  • Solid experience with application security testing: Static Analysis (SAST), Open Source (SCA), Dynamic Analysis (DAST)
  • Penetration Testing and threat modeling, experience with prioritization of penetration test results.
  • Vulnerability Management: Experience with vulnerability reporting and risk management analytics products to assist with business prioritization of risk.
  • Data science and reporting analytics would be a very nice to have.
  • Experience with several of the following tools: Fortify, AppScan, CheckMarx, WebInspect, NetSparker, Sonatype, WhiteSource, Burb Suite, Owasp ZAP,
  • Some experience responding to audit requests and ability to manage 3rd party assessment engagements.
  • Experience/Exposure to Cloud technologies (i.e. AWS) and automated infrastructure deployment (I.e. Terraform) would be ideal.
  • Degree/Diploma in computer/software/security engineering or equivalent experience

About You:

Collaboration

  • You actively engage in understanding customer needs.
  • You have good written and verbal communication skills that you are adapting to the expectations of your functional areas.
  • You are developing technical reporting skills both written and verbal.
  • You involve others in the planning and decision making, where appropriate.

Innovation

  • You can demonstrate thinking beyond theories, you approach problems logically and intellectually and can suggest when and how to apply engineering principles.
  • You demonstrate an interest in the latest technologies, and a desire to learn new technologies.

Drive for Results

  • You are involved in the review of your team members’ work.
  • You apply design/engineering knowledge and skills to your work.

Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive and inspiring. Where a culture driven by excellence helps you not only meet your goals, but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now!