Our client is an R&D and Innovation lab located in downtown Toronto, that are responsible for transmitting billions of bytes of electronic and secure data at dizzying speeds. Their goal is to make commerce more accessible and convenient, and in 2017, they launched their first foray app into Canada/North America, which helps users organize and pay bills in one simple location. Not only does the app send you reminders so that you never miss a payment, but it also gives you 3% cash back on popular retail brand gift cards! They support their parent company, a mobile payments and financial services company that currently serves 300 million customers!!
Working on a small diverse, and tight-knit team that is committed to working for the end consumer, they leverage their expertise in technology to build a lasting, secure, and efficient solution. Their creative and incredibly talented engineers work to provide customized and confidential experiences for their consumers and users. They encourage their employees to take charge of their innovative ideas and execute them with passion and vigour.
Are you a passionate engineer who derives purpose in life by protecting the confidentiality and integrity of large scale consumer facing systems with your adept hacking skills in finding vulnerabilities and helping teams fix it? If so, then we would like to hear from you.
Must Have Skills:
• Bachelors Degree in Computer Science or equivalent years of related Network Security experience a must.
• 3+ years of experience as a Security Engineer.
• Experience with OS internals and hardening (Linux, OS X, Windows).
• Firm grasp of networking protocols and operations. Comfortable with low level packet sniffing, working knowledge on Kali, Wireshark, Burpsuite, Metasploit, nmap, fiddler, sqlmap, nessus. Knowledge on network attacks, detections, and defences.
• Must have experience in programming languages and security frameworks such as Python, Ruby, Node.js, Java, Bash, Spring Security and Shiro.
• Knowledge of AWS and Cloud Data Security such as EC2, ECS, VPC, VPN, IAM, KMS, Security Groups/Subnets, etc. is required.
• Must have knowledge of theoretical and applied cryptography, key management, and a strong understanding of cryptography algorithms such as RSA, AES, SSL vs TLS, PKI, etc.
• Working knowledge with Vault or KMS is considered an asset.
• Thorough understanding of authentication, authorization, and directory services such as SSO, OAuth, or OpenId.
Responsibilities:• Pushing the boundaries of security technology to create defences for large scale production infrastructure, spanning multiple clouds and impacting millions of customer’s daily lives.
• Acting as both a builder and a breaker by creating tools to help engineers write more secure code and performing penetration tests of public and internal applications.
• Contributing to our clients, servers, and networks by hardening against exploitation and privilege escalation.
• Providing subject matter expertise on architecture, authentication, and systems security. Understanding our full engineering stack, services and data flow, and owning their security controls.
• Working in a fast pace environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.
• Performing source-code reviews, code check-ins/audits, and participating in penetration tests and vulnerability assessments.
• Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident responses.
• Consulting with engineers on planned/current platform and code changes to ensure security is given due consideration during architectural planning and implementation.
• Owning security awareness training for engineering and creating engaging security programs (bug bounty, white hat testing, and more).
Dress Code: Casual