- Ascertain a holistic understanding of TAL's systems, development workloads and lifecycles.
- Create and update software Application Security policies and procedures.
- Work closely with the TAL Cyber team to implement security best practices and standards to protect sensitive data and ensure compliance with regulations.
- Collaborate with development teams to integrate security controls into the software development process.
- Conduct security assessments on applications to identify and remediate vulnerabilities.
- Drive response to security incidents, conducting root cause analysis and implementing corrective actions.
- Analyse application code and recommend solutions to identified security issues.
- Execute planned and ad-hoc security scans of software applications, and interpret results for development teams.
- Maintain documentation related to Application Security processes and controls.
- Providing Application Security guidance, coaching, and training to development teams and other stakeholders.
- Ensuring the adoption and implementation of Application Security tools in the DevSecOps lifecycle.
- Gather, manipulate and report on data from Application Security tools programmatically.
- Work with vendors to tailor Application Security tools to fit TAL workloads.
- Stay up-to-date on the latest security threats and trends to proactively address potential risks and educate development teams.
- 5-10 years of experience in Application Security, with a strong background in secure coding practices and vulnerability management.
- Proficiency in using Static Application Security Testing (SAST) such as Checkmarx, Fortify etc, Software Composition Analysis (SCA) such as Blackduck, Snyk, Sonatype etc, and Dynamic Application Security Testing (DAST) tools.
- Working knowledge of platforms like AWS, Azure, or Google Cloud for deploying and managing applications.
- Familiarity with containerisation and Azure Kubernetes Service (AKS) deployment
- Demonstrated secure software development practices, including threat modelling, secure coding guidelines, and secure architecture design.
- Knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and how to remediate them.
- A strong knowledge of programming languages, such as .NET and JavaScript.
- Experience in automating tasks using a scripting language, such as JavaScript, Python and/or Powershell
- Understanding of how to implement SAST/SCA/DAST into DevOps CI/CD pipelines.
- Experience with Agile development methodologies, with working knowledge in project management software (e.g. Jira).
- Ability to effectively collaborate with external vendors, multiple internal stakeholders, and senior management across departments.
- A proven track record of working with development teams to remediate application vulnerabilities.
- A high level of analytical, problem-solving, and decision-making skills.
- Excellent written and verbal communication skills, interpersonal and collaborative skills.
- Penetration testing experience preferred but not mandatory.
We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone's responsibility.If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.