Application Security Specialist

Company: Della Infotech, Inc.

Location: Edmonton, AB T5A 0A1

Description:

Project Name:
Vulnerability Remediation

Scope:

The GOA is enhancing its security posture by adopting DevSecOps as a methodology. As a result, a senior Applications Security Specialist is required to assist application teams in developing the security components of the process, automation, and tooling.

A strong background in application development and architecture (with a focus on the security architecture domain) is required, as is experience in utilizing DevSecOps to enable automation and testing.

Duties:
Assist Departments in assessing, selecting, implementing and verifying the effectiveness of security controls.
Developing or reviewing application architecture for information technology systems from a security perspective.
May also conduct vulnerability and penetration testing activities and provide a hands-on assessment of applications to identify potential weaknesses.
Perform a thorough examination of the IT application and identify the weak points.
Vulnerability assessment interprets and compares results against the various business processes to determine whether the perceived vulnerability is indeed valid, is a false positive or whether other security controls address the perceived vulnerability.
Determine if the protective controls of a given IT system can be bypassed by actively exploiting identified weaknesses.
Provides evidence (sometimes to an unbelieving audience) that vulnerabilities can be exploitable.
Some activities include:
Application vulnerability scanning to identify potential vulnerabilities in web and application services.
Web application penetration services to simulate real attacks on web and application services.

Equipment Requirements:
GoA will supply laptop or desktop.

Working Hours:
Standard hours of work are 08:15 - 16:30 Alberta time, Monday through Friday, excluding holidays observed by the Province.
Work must be done from within Canada, due to network and data security issues.
The role will primarily be 100% remote; however, in the event of an onsite meeting, the GoA does not pay for travel to attend on-site meetings, nor any expenses related to relocation, commuting, housing/accommodation, food/drink.

Notes on Location:
This resource will primarily work remotely; however, the resource may be required to attend meetings or work sessions in office on reasonable notice from the Province. At the time of providing such notice, the Province will advise of the expected duration of any such meetings or work sessions. However, time to travel and any associated expenses to and from Edmonton and/or travel within Alberta will be at no cost to the Province.
The expectation will be for the resource to work from the office 3 days a month.

Incumbency:
Previously, this role was filled by a contractor; however, for this and all other opportunities, the Ministry seeks the best person to fill the role.

Background Check Required:
Enhanced Background Check:
A standard criminal record check will be required before we start the Enhanced Security Clearance process.
An Enhanced Security Clearance will be required for this position, which will be coordinated by GoA only for this position. Enhanced Security Clearance includes a standard Criminal Records Check and enhanced security including a Credit Check.

Mandatory Training Courses:
Once hired, the resource will be required to complete all mandatory training, which includes but is not limited to Freedom of Information and Protection of Privacy Act and Security awareness training. There may also be some optional courses.

Anticipated Interview Dates:
Interviews will be held between March 17-20, 2025.
Refer to the Job Posting attachments for the proposed form of contract applicable to this Contingent Resource Request

Scoring Methodology:
Financial/Pricing: 20%
Resource Qualifications: 20%
Interview Process: 60%

SUBMISSION MUST INCLUDE:
RESUME
ALL REQUIRED EXPERIENCE MUST BE DESCRIBED IN RESUME UNDER THE JOB/PROJECT WHERE EXPERIENCE WAS ATTAINED.
EACH JOB/PROJECT MUST CONTAIN THE TERM OF THE JOB/PROJECT IN THE FORMAT MMM/YYYY to MMM/YYYY.
RESOURCE REFERENCES
o Three references, for whom similar work has been performed, must be provided. The most recent reference should be listed first. Reference checks may or may not be completed to assist with scoring of the proposed resource.
Qualification
Additional Details
  • Payment Terms : Y030 - within 30 days Due net|Y015
  • Maximum Extension Term (Months) : 24
Qualification Assessment

Must Have

Education
University graduation in Computing Science or a related discipline and 5-yr work experience related to this position

OR
2-yr diploma in Computing Science or a related discipline and 7-yr work experience related to this position

OR
1-yr certificate in Computing Science or a related discipline and 8-yr work experience related to this position

OR
9-yr work experience related to this position

Yes/No - Computer Science Degree/Diploma with experience...
Yes
Yes/No - Formal training from a recognized and reputable source on ethical hacking and secure...
Yes

Other
Other - Eligibility for Enhanced Security Clearance - Yes/No
Yes

Professional Licenses/Certification
Yes/No - Active certification in CISSP, CISM.
Yes

Work Experience
Duration - Experience implementing DevSecOps in an enterprise environment

2 years

Duration - Experience in directly assessing the effectiveness of application security controls...

5 years

Duration - Experience in secure software lifecycle development processes.

5 years

Nice to Have

Technical Skills
Duration - Implementing and Utilizing Azure DevOps in building software

2 years

Duration - Implementing and Utilizing Github and Github actions in building software

2 years

Duration - Using tools to test security in application development and operations

2 years
