Application Security Analyst

Remote, Canada

Kinaxis

Revolutionize supply chain management with Kinaxis. Get end-to-end transparency to make fast, collaborative decisions with the power of Maestro.


About Kinaxis  

Elevate your career journey by embracing a new challenge with Kinaxis. We are experts in tech, but it’s really our people who give us passion to always seek ways to do things better. As such, we’re serious about your career growth and professional development, because People matter at Kinaxis.   

 

In 1984, we started out as a team of three engineers. Today, we have grown to become a global organization with over 2000 employees around the world, with a brand-new HQ based in Kanata North in Ottawa. As one of Canada’s Top Employers, we are proud to work with our customers and employees towards solving some of the biggest challenges facing supply chains today.   

 

At Kinaxis, we power the world’s supply chains to help preserve the planet’s resources and enrich the human experience. As a global leader in end-to-end supply chain management, we enable supply chain excellence for all industries, with more than 40,000 users in over 100 countries. We are expanding our team as we continue to innovate and revolutionize how we support our customers. 

Location

Ottawa, Ontario - Hybrid

Other Canadian locations - Remote

About the role

The Application Security Analyst is responsible for identifying and remediating security-related flaws across Kinaxis’ software applications and digital services, to promote a secure posture, and to conform these systems to the information security standards and policies.

As the Application Security Analyst, you will partner closely with stakeholders across the business, including from Corporate IT, Cloud Services, Product Development, and technology partners to contribute to the implementation of adequate security solutions and controls. You will mitigate cyber risks, respond to incidents, and produce evidence for regulatory requirements, with the goal of achieving business objectives.

As a key player in the development, implementation and maintenance of a company-wide information security infrastructure, you will partner with stakeholders to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance within the context of risk tolerance for both cloud and on-premise environments.

What you will do

  • Identify information security risks at the application level, at each stage of development, and proactively work to ensure that risks are identified, assessed and mitigated across the business
  • Integrate static and/or dynamic code analysis tools into the SDLC
  • Build a governance process for Software Developers to execute secure development principles and best practices (e.g. OWASP Top 10)
  • Arrange or conduct vulnerability and penetration tests against defined systems
  • Identify and propose key application security priorities, initiatives, plans, practices and tools
  • Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and provide recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities
  • Collaborate across the company to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required
  • Monitor application security trends and evolving technologies and keep senior management informed about related application security issues and implications for the Company
  • Participate in the Security Incident Response Process
  • Assist with disaster recovery and business continuity planning
  • Perform technical risk assessments and reviews of new and existing applications and systems
  • Assist with emergencies and incident response after hours should the need arise

What we are looking for

  • Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or equivalent
  • 2-4 years of experience identifying and mitigating risks to software applications; high-tech, global environment preferred; 2+ years of hands-on experience in Information Security Auditing
  • Technical skills relevant to Application Security such as secure coding standards, application security testing, Java programming, ethical hacking techniques, cloud security architecture, vulnerability and threat management
  • Hands-on experience with vulnerability management and penetration testing tools (e.g. NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, Metasploit, etc.)
  • Analytical, system, and design thinking skills with an inventive approach to work through deep, ambiguous, and progressively complex problems
  • Highly adaptable and able to pivot based on prioritization and needs of the business; proactively solicits feedback to ensure alignment
  • Agile and resilient in managing multiple projects with multiple sources of information
  • A clear, concise, and professional communicator with the ability to present information and demonstrate knowledge to stakeholders at varying levels within the business
  • Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. some of SSAE16, SOC 2, C5, PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO27000, CobiT, ISF, OWASP, ITIL, ATT&CK)
  • Relevant certifications, such as CASE, ASVS, CISSP; a published CVE discovered by the applicant is an asset 

Work With Impact: Our platform directly helps companies power the world’s supply chains. We see the results of what we do out in the world every day—when we see store shelves stocked, when medications are available for our loved ones, and so much more. 

 

Work with Fortune 500 Brands: Companies across industries trust us to help them take control of their integrated business planning and digital supply chain. Some of our customers include Lockheed Martin, Yamaha, P&G, Honda, and more. 

 

Social Responsibility at Kinaxis: Our Diversity, Equity, and Inclusion Committee weighs in on hiring practices, talent assessment training materials, and mandatory training on unconscious bias and inclusion fundamentals. Sustainability is key to what we do and we’re committed to a net-zero operations strategy for the long term. We are involved in our communities and support causes where we can make the most impact.

People matter at Kinaxis and these are some of the perks and benefits we created for our team:

 

  • Flexible vacation and Kinaxis Days (company-wide day off on the last Friday of every month)
  • Flexible work options
  • Physical and mental well-being programs
  • Regularly scheduled virtual fitness classes
  • Mentorship programs and training and career development
  • Recognition programs and referral rewards
  • Hackathons

 

Kinaxis welcomes candidates to apply to our inclusive community. We provide accommodations upon request to ensure fairness and accessibility throughout our recruitment process for all candidates, including those with specific needs or disabilities. If you require an accommodation, please reach out to us at recruitmentprograms@kinaxis.com. Please note that this contact information is strictly for accessibility requests and cannot be used to inquire about application statuses.

Kinaxis is committed to ensuring a fair and transparent recruitment process. We use artificial intelligence (AI) tools in the initial step of the recruitment process to compare submitted resumes against the job description, to identify candidates whose education, experience and skills most closely match the requirements of the role. After the initial screening, all subsequent decisions regarding your application, including final selection, are made by our human recruitment team. AI does not make any final hiring decisions.

 

 


Tags: Agile Application security Artificial Intelligence Audits CISSP Cloud COBIT Code analysis Compliance Computer Science Ethical hacking FISMA GLBA Governance HIPAA Incident response ISO 27000 ITIL Java Kali Linux Metasploit Nessus NIST Nmap OWASP PCI DSS Pentesting Risk assessment SDLC SOC SOC 2 Strategy Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex hours Flex vacation Startup environment

Regions: Remote/Anywhere North America
Country: Canada
