Lead Engineer, Security Assurance

Toronto

Equitable Bank

At Equitable Bank, we specialize in providing branchless financial services that meet the unique needs of all Canadians. Our range of mortgages, savings accounts and investment options are designed to offer the right solutions to match any...


Purpose of the Job: The Lead Engineer, Security Assurance will be responsible for providing technical expertise to support the security of the organization's technology products. This includes managing security tools, identifying vulnerabilities, and providing recommendations for remediation. Additionally, the candidate will lead efforts to automate security processes, implement configuration management, and develop security processes around the Infrastructure & Application Security program. This position will be required to collaborate effectively with cross-functional teams and to provide guidance to business stakeholders on security-related matters. Ultimately, the Lead Engineer, Security Assurance will play a critical role in safeguarding the organization's assets and maintaining a high level of customer satisfaction.

Main Activities

  • Lead and provide security testing using tools such as DAST, SAST, Mobile DAST, SCA, RASP, EASM & API Security.
  • Design, implement and operate security solutions for the following capabilities: vulnerability management, infrastructure & application security.
  • Manage the attack surface of Equitable Bank by identifying, prioritizing, and mitigating potential threats and vulnerabilities according to the organization's risk appetite.
  • Build and manage relationships with stakeholders across the organization to ensure effective communication and collaboration on information security matters
  • Implement and manage configuration management tools and processes across the organization's infrastructure & applications to ensure consistent and secure configurations
  • Keep up-to-date with the latest security threats and vulnerabilities, and assess their impact on the organization
  • Evaluate and implement new tools and technologies to improve the automation and efficiency of existing processes
  • Develop and maintain technical documentation, including standards, technical security configurations and procedures

Knowledge/Skill Requirements

  • A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
  • 5+ years of experience in information technology/information security
  • Proven expertise in deploying and operating security infrastructure solutions is required.
  • Experience in scripting or programming languages such as Python, Ruby, or PowerShell to automate security functions is preferred.
  • Experience in cloud environments is required
  • Excellent analytical and problem-solving skills
  • Strong verbal and written communication skills
  • The following certifications are preferred: CCSP, CCSK, CISM, CISSP, or CRISC.
  • Understanding and experience with PCI DSS, MITRE ATT&CK, BSIMM, NIST, ISO 27K series is an asset.
  • Experience working in a banking or financial services environment is an asset.
  • Understanding of DevSecOps (CI/CD Pipelines, Shift-left, SCM, etc.) approaches to automate security testing is an asset.
  • Understanding of Vulnerability Management, Risk Acceptance and IT practices such as ITIL.

Accountability

  • Reports directly to the Manager, Enterprise Security Assurance & Testing (ESAT)
  • This position sets priorities for themselves, but also makes decisions in their domain of accountability.
  • This position is empowered to make decisions that impact their own position, however, there is decision-making involved relating to vulnerability management, which could have a potential impact on the overall reputation of the bank and as such should follow the bank’s IT Change management process.

Tags: APIs Application security Automation Banking BSIMM CCSK CCSP CI/CD CISM CISSP Cloud Computer Science CRISC DAST DevSecOps ISO 27000 ITIL MITRE ATT&CK NIST PCI DSS PowerShell Python Ruby SAST Scripting Vulnerabilities Vulnerability management

Region: North America
Country: Canada
