Sr. Application Security Specialist (GCS)

Job Summary

Job Description

WHAT IS THE OPPORTUNITY?

Reporting to the Senior Manager of Application Security Transformation - you would provide technical execution in Application Security for the global RBC business and application development teams across all enterprise information technology groups.

You will be participating in the development of application security best practices, tools, and processes. You will also help execute various application security projects across all RBC lines of business.

This role will also require you to have solid understanding of CI / CD pipelines, DevSecOps and various application security testing techniques such as SCA, OSA, SAST, DAST and IAST.

WHAT WILL YOU DO?

Develop automation & integration capabilities for tools onboarding and security controls enforcement by partnering with Enterprise DevOps team.

Support end users & Review Dynamic application security testing reports to validate findings / false positives and assist developers in the remediation.

Develop metrics to measure Security and Risk posture of RBC applications.

Educate key organizational stakeholders (e.g. developers, security consultants, executives) on application security matters across the organization.

Assist in the development, evaluation, and implementation of application security controls and processes.

Ensure applications are thoroughly tested for security vulnerabilities using industry best practices prior to production release.

Research and keep up to date on application security emerging threats, techniques, tools, and trends.

Work in a diverse environment leveraging other team members' experience and knowledge.

WHAT DO YOU NEED TO SUCCEED?

Must have :

Experience developing and testing apps in any of programming languages : Python, Java (preferred).

Knowledge of Secure Software Development practices, SCA / OSA, SAST, DAST, IAST methods & tools.

Understanding of CI / CD and DevSecOps approaches and experience working with DevSecOps tools.

Solid understanding of security-related frameworks and OWASP Top 10 (Web & API).

Strong written / verbal communications skills and ability to manage client / stakeholder relations.

Nice-to-have :

Understanding of GitHub Actions based pipeline & GitHub Advanced Security tools.

Prior experience of leading Enterprise level Application Security Controls & enforcement.

RBC is committed to supporting flexible work arrangements when and where available. Details to be discussed with Hiring Manager.

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper.

We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable

Leaders who support your development through coaching and managing opportunities

Ability to make a difference and lasting impact

Work in a dynamic, collaborative, progressive, and high-performing team

A world-class training program in financial services

Flexible work / life balance options

Opportunities to do challenging work

LI-Hybrid

LI-POST

TECHPJ

Job Skills

Application Programming Interface (API) Security, Application Security, Curiosity, DevOps, DevSecOps, GitHub Actions, GitHub Advanced Security, Java, Leadership, Mentorship, Open Web Application Security Project (OWASP), OWASP Top 10, Prioritization, Python (Programming Language), Secure Coding Practices, Technology Leadership