Senior Application Security Consultant

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

What You’ll Be Doing

CIBC’s Application Security and Risk team strives to ensure that all applications across the enterprise follow security best practices, to enhance CIBC’s overall security landscape and protect Our Bank, Our Clients, and Our Employees.

As a Senior Application Security Consultant, you will play the role of a subject matter expert working alongside with cross functional application development teams to identify, assess, report, and manage security risks and design flaws identified in key applications with practical and achievable recommendations.  As a trusted advisor and security ambassador, your responsibilities include influencing the enterprise teams to build security into their design, operating and development techniques.

At CIBC we enable the work environment most optimal for you to thrive in your role you’ll have the flexibility to manage your work activities within a hybrid work arrangement where you’ll spend 1-3 days per week on-site, while other days will be remote.

How You'll Succeed

• Application security steward – Provide guidance to development teams and oversee application security testing services, including dynamic application security testing (DAST), static application security testing (SAST), software composition analysis (SCA), mobile application security testing (MAST) and container security

• Risk-based vulnerability management – Review security scan results and collaborate with development teams to prioritize security vulnerabilities using a risk-based approach, and support the remediation process

• Training and awareness – Deliver training and awareness sessions to application development teams on how to use application security tools, and educate developers on the benefits of integrating security testing throughout the software development lifecycle

• Security tool integration – Collaborate with development teams to integrate automated security tools into continuous integration and continuous delivery (CI/CD) pipelines.

• Continuous improvement – Promote continuous improvement by applying lessons learned from projects and ongoing security assessments.

Who You Are

• You can demonstrate experience using application security testing tools and platforms to manage and perform static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and mobile application security testing (MAST). You are skilled at identifying and remediating common web application vulnerabilities, such as those outlined in the OWASP Top 10

• You have hands-on experience in software development and a strong understanding of application security concepts, including secure coding, design, and industry standards and best practices. You are comfortable working with security code issues across a variety of languages such as Java Enterprise Edition (JEE), .NET, JavaScript, HTML, JSP, and ASP.

• You have a bachelor’s degree in computer science, software engineering, a related field, or an equivalent combination of education and experience. You bring at least five years of progressive experience in application security, secure software development, or related fields. It’s an asset if you have experience in financial services, cloud environments, or DevSecOps practices.

• You have strong interpersonal and communication skills. You are able to clearly articulate application security issues to a range of stakeholders, including developers, project managers, and management. You have a track record of developing strong relationships across various levels of an organization to drive positive results and communicate requirements effectively.

• You’re a certified professional. You have, or are working towards, relevant security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP)

• Values matter to you. You bring your real self to work and you live our values – trust, teamwork, and accountability.

#LI-TA

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.

• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a benefits program*, defined benefit pension plan*, an employee share purchase plan, a vacation offering, wellbeing support, and MomentMakers, our social, points-based recognition program.

• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients.

• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development.

*Subject to plan and program terms and conditions

What you need to know

• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com

• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

• We may ask you to complete an attribute-based assessment and other skills tests (such as simulation, coding, French proficiency, MS Office). Our goal for the application process is to get to know more about you, all that you have to offer, and give you the opportunity to learn more about us.

Job Location

Toronto-81 Bay, 19th Floor

Employment Type

Regular

Weekly Hours

37.5

Skills

Application Security, DevSecOps, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Web Application Security Testing