Application Security Analyst

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ5882

Location: Anywhere in Alberta, preference for Edmonton or Calgary

Apply by: Wednesday, March 29, 2023

Paygrade: L-OTH

System Title: Security Analyst 7

# Positions available: 1

Leader Name: Senior Manager, Application Security

As ATB’s next Application Security Analyst, you will work with business and technical application owners to ensure adoption of ATB’s testing platforms to continuously improve our application security posture and ensure alignment.

In this role, you will ensure application security vulnerabilities and weaknesses are understood by the application owners and ensure the lifecycle of said vulnerabilities or weaknesses is tracked through to completion. You will have strong comprehension & understanding of emerging threats, defensive technologies and are familiar with agile methodologies.

You will join the ATB TSARC team and shape the future of the application vulnerability management program. This role includes oversight of the following:

• Establish appropriate guardrails for the app delivery teams and promote process designs and best practices that enable and keep teams within those guardrails.
• Evaluation of application and/or infrastructure design specifications to ensure alignment with CX&T Priorities,Security standards, patterns and industry best practice.
• Participate in the development of our cloud security strategy and support key programs
• Participate in Planning, designing and implementation of security measures for the protection of cloud applications
• Participate application security reviews and threat modeling, including code review and dynamic testing
• Develop automated security testing to validate the use of secure coding practices.
• Providing application security guidance and advice to product development teams as SMEs.
• Analyzing system services, spotting issues in code, networks and applications

• Implementing software application security controls
• Build trust relationships with senior level technical and business teams and communicate at all levels of the organization’s enterprise.
• Ensure usage of Agile methodologies and DevSecOps framework
• Collaborate with peers within Development, DevOps, QA to ensure strategic and tactical alignment between the Technology Strategies & Architecture and other teams.
• Provide and maintain awareness of Application Security patterns and any applicable changes to the teams within the various teams
• Execute and maintain cybersecurity processes and documentation on the related products in the product life cycle
• Manage premarket cybersecurity activities (e.g. threat modeling, cybersecurity risk assessment, static code analysis, third party vulnerability testing)
• Manage postmarket cybersecurity activities (e.g. STIG compliance checking, vulnerability scanning, cybersecurity risk modeling)
• Investigating postmarket cybersecurity complaints and escalations
• Awareness of cybersecurity trends and standards

Requirements

• 4+ years of experience working in cloud infrastructure Services, Security Practices, VPC/Networks, Distributed Infrastructure (Data Centre, Servers, Middleware, Containers, Storage etc...)
• Experience in software engineering and test automation relevant to supported products with a drive for continual learning
• Hands-on experience with automation/DevSecOps/SRE activities with Gitops.
• Experience identifying security issues through code review
• Experience with Public Cloud platforms, such as GCP, AWS and Azure
• Experience with container-orchestration such as Kubernetes(GKE), and Serverless Platform.
• Understands product delivery elements (i.e., meeting delivery timelines, testing bottlenecks, constraints) and shares risks in the actual progress of delivery outcomes that the product team is delivering
• Knowledge of and ability to explain common security flaws and how to resolve them (e.g. the OWASP Top 10)
• Basic development or scripting experience and skills. Python, JavaScript,Node.js preferred.
• Understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)

At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.

Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.

Online applications are preferred. Please let us know if you require any accommodations.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.