Our client is a top financial institution with significant North American holdings. They have operations across most major verticals, including institutional & corporate, wealth management, private client, commercial banking, treasury, and retail banking.
The Solution Designer will assess Cyber Security Penetration Test findings/security gaps, analyze exposed application code, and develop technical solution options to implement application or platform/infrastructure level remediation for key Java, Lotus Notes and Oracle/APEX applications. The role also documents and presents solution options to various IT and business stakeholders, and develops skills, effort, and cost estimates for remediation actions.
What you will achieve in this role:
- Demonstrated experience assessing services or protocols vulnerable to internal or external attack; effectiveness of firewalls or sensors; trivial account credentials; weak encryption protocols and vulnerable software versions. Experience includes internal custom-built applications running on an internal cloud.
- Experience with Ethical Hacking & Vulnerability Management; security controls and design to close vulnerability gaps and prevent possible exploitation; mitigating identified risks and designing/leading validation testing after remediation of identified vulnerabilities.
- Experience or practical knowledge of a variety of security assessments including host (computer/image/server) based security assessment; Wireless spectrum security assessment; Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Open Source Intelligence gathering (OSINT) and Full spectrum attack simulation (Red team exercises).
- Experience with identifying and closing gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
- Experience communicating and presenting technical information and solutions in business terms, risks, threats and opportunities to client stakeholders. Ability to convince/influence multiple stakeholders about the security threats/risks and need for action/mitigation.
- Demonstrated experience liaising with various IT stakeholders including Corporate Security, Privacy specialists, Architects, Developers, DBAs and Project Managers. Ability to communicate and interact with all the above and form a working partnership.
What you will bring to this role:
- Extensive knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, firewalls, authentication, virus protection, etc.); and a proven working knowledge of security audit protocols and procedures including PenTest, SQL Injection, etc.
- Knowledge and demonstrated experience of IT concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture, technology architecture and data flows.
- Knowledge and experience with multi-vendor & multi-datacentre system integration and related security design issues. Expert knowledge of IT techniques to secure data transfer between disparate applications located in multiple data centres belonging to different Cloud providers, e.g. API integration between two systems in two different cloud service providers.
- Solid knowledge of IT industry security architecture, policies, procedures and standards to protect business and IT assets including SOC, CSA STAR and FedRAMP. Preferable to have knowledge of OPS I & IT strategies, directives, policies and standards including GO ITS Security Standards - GO-ITS 25.1 through 25.21 and 42 GO ITS Standards for: Architecture, Information, Technical, Enterprise Products, Networking.
- Comprehensive knowledge of Java/JEE, GIS, .NET and related multi-tiered I&IT technologies (e.g. JSP/Servlet, JEE, EJB, JNDI, JDBC, JMS, JPA, JAXB, JCache; Open Database Connectivity (ODBC); XML/XSL/XSLT, WebServices, Rational Application Developer (RAD), Software Architect (RSA), WebSphere Integration Developer (WID), Power Designer, WebSphere ND, WebSphere Process Server, Enterprise Service Bus (ESB), SUN Solaris, Windows OS, VPN, PKI, LDAP, Oracle databases, DBMS, PL/SQL, .NET, Zachman Framework; cloud computing), and related standards; extensive knowledge of state-of-the-art IT security management, micro/mini and personal computer systems; and knowledge of emerging technologies.
- 3+ years of hands-on Lotus Notes experience, including HCL Notes/Domino application development for Notes client (Version 9.0.1); HCL Notes/Domino server commands; Webservices (SOAP/REST) in LotusScript, Lotus Shell Script and Formula language; HCL Enterprise ETL, SQL and Designer.
- 3+ years of hands-on experience developing and maintaining applications using Oracle APEX version 18 and above.
- Thorough knowledge of large-scale, complex systems analysis techniques, methodologies and relevant architectures, including strong experience with Service Oriented Architectures (SOA) and related technologies, design of distributed applications, security design and implementation considerations, Cryptography, Authentication and Identity Management, Session Management, Unified Modelling Language (UML) design artefacts and Rational Unified Process (RUP) methodology, design and development, programming concepts and languages (including advanced knowledge of object oriented analysis and design), internet/intranet technology, and emerging technologies.
We thank you for your interest in the position; however, only those who are qualified will be contacted.
Inclusion and Equal Opportunity Employment
Our client is an equal opportunity employer committed to diversity and inclusion; creating an inclusive environment where all team members and clients feel like they belong. We are pleased to consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, Aboriginal/Native American status or any other legally-protected factors. We seek applicants with a wide range of abilities, and we provide an accessible candidate experience; accommodations during the application process are available upon request.