Application Security Analyst II, Information Security

Application Security Analyst II, Information Security

Wednesday, February 26, 2025

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca should you need an accommodation at any point in the recruitment process.

Reporting To: Application Security Manager

Full-Time/Part-Time: Full-time

Posting Date: February 26, 2025

Closing Date: March 14, 2025

Hours of Work: 8:30 a.m. – 5:00 p.m.

Grade: 12.4

Office Location: Toronto, ON

Great location! Steps away from the main public transit station.

What we offer: Highly competitive compensation package which includes base salary, bonus, benefits, and career advancement opportunities!
*Eligibility for benefits is dependent on the terms of employment.

The Opportunity:

We're seeking an Application Security Analyst II well-versed in risk analysis, vulnerability assessment methodologies, and information security concepts. Your role involves supporting security risk assessments for both internally developed and third-party/open-source software, setting up security processes, and educating various application teams within the organization. You'll be integral in documenting and developing security controls while ensuring compliance with established frameworks.

How you will contribute:

• Analyzing and documenting processes, policies, controls, and standards to comply with security frameworks and regulations.
• Understand technical and architectural issues from a security perspective and provide recommendations.
• Performing security reviews and providing insights throughout all phases of software development.
• Support the Application Security Manager in managing internal and external stakeholders related to Application Security.
• Managing and coordinating secure code reviews with stakeholders, encompassing Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).
• Conducting application vulnerability assessments for web, mobile, web services, and cloud applications.
• Performing or overseeing manual/automated application Vulnerability Assessment & Penetration Testing, and subsequently managing technical documentation including VAPT/Application Security tracking and reporting.
• Reviewing the configurations to Web Application Firewalls (WAF).
• Work closely with the application development delivery teams to integrate security controls within the development pipeline ensuring an efficient development process with early security control gates.
• Assisting the Security Leadership in collaborating with IT Groups to define, develop, communicate, and implement a comprehensive long-term application security roadmap.
  • This involves creating threat models for web applications and supporting development teams across the agile Software Development Life Cycle (SDLC).
• Assisting in the evaluation, selection, onboarding, and management of AppSec vendors and Solutions.

The experience you need:

• 5+ years of web and mobile application security experience with Secure Software Development Life Cycle (SSDLC).
• Strong grasp of application design and architecture.
• Proficiency in manual and automated penetration testing methods/tools (e.g., Burp Suite, Fortify, Backtrack Kali, Metasploit Framework).
• Familiarity with WAF technologies, security frameworks (OWASP-TOP 10, SANs-TOP 25, CWE), and participation in Bug Bounties & Capture the Flag (CTF) would be beneficial.
• Excellent written skills for preparing reports and briefings.
• Excellent analytical reasoning and problem-solving approach.

Education:

• Post-secondary education, University education, and Technical Certifications required.
• Certifications and Skills:
  Good to have CISSP.
  Good to have Offensive Security Certified Professional (OSCP).

Working Environment and Physical Demands Analysis:

• Periods of high volume with tight timelines.
• Long periods of stationary position/sitting.
• Prolonged periods of repetitive movement (i.e., using a keyboard and mouse).
• Long periods of time in viewing a computer screen.
• Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.

Competitive Compensation:
Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up).
Hybrid working environment.
Extensive training programs to set our employees up for success.
Modern office environment conducive to collaboration.
Supportive teamwork culture.
Opportunities to give back to the communities and work through events focused on a variety of charities.
Ongoing social events throughout the year.

The team you’ll join:

Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada’s largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applicants for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.