Sr Security Consultant Product Security

TELUS

This job is no longer accepting applications

See open jobs at TELUS.
IT, Product
Toronto, ON, Canada
Posted on Tuesday, November 21, 2023

Location: Toronto, ON, CA; Montréal, QC, CA; Vancouver, BC, CA; Calgary, AB, CA; Edmonton, AB, CA; Ottawa, ON, CA

Req ID:  37462
Jobs by Category:  Security & Automation
Job Function:  Cybersecurity
Status:  Full Time
Schedule:  Regular

Description

 

The role will support the manager of DevSecOps within TELUS Health Chief Security Office in leading the engineering of security at scale within the secure software development cycle, representing CSO.

 

This individual contributor role will help assess products' security maturity through consultation, select and implement security controls within their pipelines (WAF, SAST, DAST, IAST, SCA), and act as an SME for validating security vulnerabilities and remediating those findings. This individual will act as a product security evangelist and contribute greatly to the development and implementation of the security champion program. The individual will also be involved in promoting security awareness, disaster recovery planning, testing, and corporate security policy maintenance and enforcement, as well as threat and risk assessments.

Working as a partner to the product teams and TELUS Health Cloud program, this role will drive the adoption of secure Cloud and application security within the pipelines and processes of the product.

 

  • Provide training and awareness sessions to application development teams, highlighting the benefits of web application layer protection services, and demonstrating exploitation of confirmed security vulnerabilities
  • Perform comprehensive Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) to identify vulnerabilities
  • Review security scan results and work closely with the development team to prioritize security vulnerabilities using a risk-based approach
  • Identify vulnerabilities and weaknesses through web and mobile application security assessments, code reviews, threat modeling, vulnerability scanning, and manual application penetration testing
  • Provide actionable recommendations and guidance to improve the security posture of applications and their supporting technology infrastructure
  • Collaborate with stakeholders to develop and enhance security policies, procedures, and risk management strategies
  • Lead key security initiatives, manage projects, and work collaboratively with cross-functional teams
  • Work across product teams to integrate security into the SDLC / CI/CD pipeline through consideration of security at each step. Extend security into the design, developer environment (IDE), software composition analysis, static assessment, and dynamic assessment as part of the local CI/CD pipeline
  • Drive consistency of control and solution across the tooling applied within each product team. Whilst a single solution will not always be desirable, seek out consolidation where possible and ensure all solutions have consistent levels of security
  • Identify, justify and promote the use of shared security services or patterns (e.g. Web Application Firewalls) that can deliver consistent security protection without impeding local product agility or effectiveness
  • Ensure product development teams have the right level of security expertise to operate their aspects of the security operating model
  • Work with the SecOps team to define response playbooks for application security incidents, and seek out automation for common events to ensure sustainable T1/T2 operation
  • Work with the SecOps team to define the runbooks for application security tooling operated by the CSO team, ensuring sustainable security operation across TH’s portfolio of applications

 

Responsibilities

 

  • Provides leadership in technology development and supports activities including business requirements definition, design, quality assurance, implementation and technical support
  • Manages delivery of assigned tasks using project management discipline
  • Works independently with minimal supervision
  • Participates in secure SDLC and technology integration projects using security technology tools and techniques
  • Sets high standards for own work and ensures high quality outcomes are achieved
  • Prepares project estimates and schedules of project activities as required
  • Sets realistic and achievable expectations for deliverables
  • Ensures effective work habits including punctuality, responsiveness and accessibility to others
  • Coaches and mentors more junior staff members within the IT Group as required
  • Provides timely feedback to team members on matters related to technology development and team interaction
  • Works effectively as a member of the TELUS Health CSO
  • Promotes teamwork and collegiality in the work environment
  • Observes the corporate values of TELUS Health
  • Promotes TELUS Health as the service provider of choice in the industry
  • Attends internal training sessions to build knowledge of industry topics and trends
  • Assists incident response and remediation, special projects and other tasks, as required
  • Understanding of regional privacy requirements (GDPR; Australian, Chinese, US and Canadian privacy laws)
  • Managing an enterprise SIEM solution
  • Able to manage a vulnerability assessment platform (web application and infrastructure) and supplement with penetration testing.
  • Writing scripts in at least one scripting language (Python, PowerShell, Linux command line, etc.) for discovery and auditing purposes

 

Qualifications

 

What you bring

 

  • University degree or equivalent industry experience
  • Strong communication, presentation, and relationship skills, especially the ability to articulate technical topics
  • Knowledge of security and industry standards (e.g., ISO, NIST, ITIL, etc)
  • Knowledge of and practical experience with any of the following: OWASP Top 10, OWASP Web Application Security Testing Guide (WSTG), OWASP (Mobile) Application Security Verification Standard (MASVS/ASVS), BSIMM, and OpenSAMM
  • CISSP, CCSP, CRISC or a similar Cloud certification is preferred.
  • Practical Cloud security experience with appropriate certification spanning GCP and either AWS or Azure
  • Experience working on enterprise Cloud services deployments (SaaS, PaaS, IaaS) and an understanding of the security challenges involved in Cloud migration, adoption and operation
  • Experience deploying and migrating to/from private Cloud environments
  • Experience with virtual machine management, container orchestration, API management and secure use of serverless technologies
  • Knowledge of application security, software development with security concepts and integration into the development pipelines.
  • Experience across SCA, SAST, DAST, and IAST
  • Experience working with proxy intercept tools such as Burp Suite Pro or OWASP ZAP
  • Integration experience across pipelines and orchestration tools such as Jenkins, source repositories (e.g. GitHub, Bitbucket, etc.), Integrated Development Environments, and testing tools
  • Experienced with agile delivery teams and environment
  • Experienced working in a DevOps / SRE operation
  • Experience with application security capabilities including Web Application Firewalls, DDoS mitigation, Bot prevention, and associated threat management controls
  • Familiarity with pipelines, automation and scripting
  • Performed threat modeling and design reviews assessing security implications and requirements when introducing new technologies (STRIDE)
  • Performed security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks

 

Nice to haves

 

  • Professional security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and others
  • Industry-recognized certifications would be an asset (e.g., OSCP, OSWE, ECDE, Burp Suite Certified Practitioner, GWAPT, eWPT, GMOB, eMAPT, etc.)
  • Experience within a regulated business environment
  • An insatiable appetite for modern and emerging technologies and tools

 

#LI-REMOTE

Midpoint Base Salary:  $120,000
Performance Bonus or Sales Incentive Plan:  15%

Actual total compensation can be above or below the listed pay, based on knowledge, skills, performance and experience.

A bit about us

We’re a people-focused, customer-first, purpose-driven team who works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world. 

You’ll find our engaging, high-performance culture personally fulfilling, professionally challenging, and financially rewarding. We’re committed to diversity and equitable access to employment opportunities based on ability. Your unique contributions and talents will be valued and respected here. When you join our team, you’re helping us make the future friendly.

Note for Quebec candidates: if knowledge of English is required for this position, it is because the team member will be asked, on a regular basis, to interact in English with external or internal parties or to use English applications or software as part of their tasks.

 

 

 

 

Security & Automation

We’re looking for talented sales professionals, solution designers, security technicians and customer support specialists with proven experience in commercial security and automation to join our team.

Team TELUS at a glance

1.4M
Days volunteered in our communities

$1.3
Billion contributed to charitable and community organizations since 2000

15.2
Million customer connections

Accessibility

TELUS is proud to foster an inclusive culture that embraces diversity. We are committed to fair employment practices and all qualified applicants will receive consideration for employment.

We offer accommodation for applicants with disabilities, as required, during the recruitment process.
