Application Cloud Security Lead

Source: BC Hydro
Job Title: Application Cloud Security Lead

Powered by water... and by people like you.

Providing clean electricity to 4 million customers takes a diverse workforce and that's where you come in. We need your talent to help us build major projects to meet growing demand. To help our customers find clean energy solutions for their homes and businesses and to be ready to respond during storms and outages to keep our system reliable.

Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a solution to climate change while safely providing clean, affordable electricity to our customers.

We offer a healthy work life balance, training opportunities and career progression. We're proud to be ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we build an even cleaner B.C.

JOB DESCRIPTION

Duties:

• Spearhead the development and enforcement of a Secure Development Life Cycle, integrating security best practices into all stages of software development.
• Manage comprehensive application and cloud vulnerability scans and security configuration assessments.
• Craft and execute a visionary strategy for application and cloud security, including continuous measurement and refinement.
• Formulate and advocate for security policies and standards related to applications, databases, and cloud infrastructure.
• Lead the selection and deployment of static and dynamic code analysis tools to maintain code integrity.
• Ensure vendor and service provider adherence to our stringent application and cloud security policies and standards.
• Direct the assessment and audit processes, and meticulously track and report on remediation efforts.
• Perform maturity assessments, set ambitious targets, and devise strategic plans to achieve them.
• Innovate reporting to provide clear insights into security postures.
• Support and guide the security awareness and education initiatives, with a focus on application and cloud security.
• Lead or facilitate comprehensive threat modeling exercises to pre-emptively address potential security challenges.

Qualifications:

• A bachelor's degree in computer science, Information Technology, or a related field, with a preference for candidates with a master's degree.
• A minimum of 10 years of dedicated experience in application and cloud security.
• Experience migrating from legacy, on-premises development workflows to modern, cloud-focused development approaches.
• Experience replacing legacy, on-premises applications with cloud-based applications, with a focus on secure migration pathways, on-demand computing, and scalability.
• A background in software development with a strong grasp of cloud platforms like AWS, Azure, or Google Cloud.
• Exceptional leadership qualities and proven team management capabilities.
• An analytical mindset with meticulous problem-solving skills.
• Outstanding communication abilities, both in writing and speaking.
• Preferred certifications include GIAC Secure Software Programmer (GSSP), Certified Secure Software Lifecycle Professional (CSSLP), or Secure Software Practitioner (SSP).

Technical Skills and Knowledge:

• Proficiency in application security frameworks such as OWASP.
• Expertise in security testing tools and secure coding practices.
• Familiarity with security standards like ISO 27001, NIST, and CIS.
• Experience with automation, CI/CD integration, and security testing workload reduction.
• Understanding of CASB, web protection platforms, and technologies.
• Proficiency in Threat Modeling, with experience in scripting languages for security automation.
• Knowledge of Docker, Kubernetes, and Infrastructure as Code (IaC) principles for secure cloud configurations.

ADDITIONAL INFORMATION

• A minimum of 15 paid vacation days.
• Flexible work model, depending on your role type.
• Training and development courses.

For more information on the benefits we offer, visit bchydro.com/benefits.

We're always looking for exceptional people to bring new ideas, fresh thinking and the motivation to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we invest in our system and prepare to meet the challenges of tomorrow.

Our values guide our work. Want to join us?

We are safe.

We are here for our customers.

We are one team.

We act with integrity and respect.

We are forward thinking.

BC Hydro is an equal opportunity employer.

We include everyone. We welcome applications from anyone, including members of visible minorities, women, Indigenous peoples, persons with disabilities, persons of minority sexual orientations and gender identities, and others with the skills and knowledge to productively engage with diverse communities.

We are also happy to provide reasonable accommodations throughout the selection process and while working at BC Hydro. If you require support applying online because you are a person with a disability, please contact us at Recruitmenthelp@BCHydro.com.

Our four role types identify the degree of flexibility an employee could have to work from home based on the type of work they do. The flexibility for an individual job is up to the manager for each position and the operational requirements. Employees also have the right to work full-time from the office if they prefer. All of our roles require at least some in-person time.

IBEW/Field - No option to work from home.

Resident - Works primarily (4+ days per week) in the office.

Hybrid - May be able to work from home up to 3 days per week.

Remote - Works from home 4+ days per week.

Response Information

To apply for this position, please click the appropriate "Apply" button (or follow the application instructions listed in the Job Description above).