Détails du poste
- Lieu de travail : Montreal (Hybride)
- Type de poste : Permanent à temps plein
Application Security Engineer (.NET)
Niveau d’expérience
Level 4 (advanced): 7-15 years
Lieu
Montreal (Day 1 onboarding onsite/in office presence 3x/week)
Description du poste
We are seeking an experienced Application Security Engineer with strong .NET Framework expertise to join the Productivity and Collaboration fleet within Workforce Technology.
We are strengthening the security, quality and resilience of the applications and services used by employees across the firm. As an engineer in the Productivity and Collaboration fleet, the successful candidate will review, harden and improve code across our internal .NET repositories to meet the highest standards of secure engineering. The candidate will be involved in all phases of the software development lifecycle and will collaborate with other squad members to deliver measurable value to our stakeholders.
RESPONSIBILITIES
- Review, harden and improve code across internal .NET Framework applications and services
- Build and run automation in PowerShell to analyse, improve and harden code across internal repositories
- Partner with development squads to embed secure coding practices throughout the software development lifecycle
- Strengthen existing application features and remediate findings raised through code review and security tooling
- Enhance the team’s use of automated security testing within Continuous Integration/Continuous Delivery pipelines
- Perform code reviews and contribute to secure-by-design standards, patterns and guidance
- Support and improve the team’s adoption of agile principles: participate in sprint retrospectives and demos as needed
Exigences
SKILLS REQUIRED
- 8+ years or more of software development experience
- Experience writing Powershell scripts
- Strong hands-on expertise with the .NET Framework (C#, ASP.NET)
- Demonstrable application security experience
- Secure coding, code review and remediation
- Familiarity with recognised application security standards (e.G. OWASP)
- Hands on experience with Continuous Integration/Continuous Delivery
- Hands on experience with Agile development (Scrum, Kanban)
- Understanding of SDLC and secure CI/CD processes
- Hands on experience with Jira or other issue-tracking systems
Qualifications
NICE TO HAVE SKILLS
- .NET Core
- Static and dynamic application security testing (SAST/DAST) tools
- Threat modelling experience
- Secure software development certification (e.G. CSSLP)
- SQL and Database Design
*//EEO Employer: Minorities/ Females/ Disabled/ Veterans/ Gender Identity/ Sexual Orientation//*