Security Engineer - Applications
Kepler Communications
Responsibilities:
- Perform vulnerability scans (SAST and DAST) and internal penetration testing, review output, perform analysis of results and remediation.
- Work closely with developers to help improve the security of products and services, design technical solutions to address security weaknesses, and work with relevant stakeholders to implement them.
- Perform security-focused code reviews.
- Develop and maintain software application security policies and procedures.
- Provide technical leadership, guidance, and direction to the application security team.
- Develop and maintain documentation of application security controls.
- Implement software application security controls.
- Build and conduct secure coding training for stakeholders.
- Maintain professional relationships with internal and external stakeholders, participate in team meetings, and work closely with technical and non-technical teams.
- Identify and mitigate business and system security risks where these differ from the risks managed at the project level.
- Evaluate the internal and external environment for threats and changes related to application security, and act as the Information Security subject matter expert (SME) to ensure they are properly addressed and controlled.
- Conduct analysis and provide security design requirements for existing or new systems and infrastructure, data, software, and facilities.
- Act as technical contributor to all things related to application security.
- Help Kepler evolve its application security functions and services.
- Support Kepler’s security awareness program.
Requirements:
- 8+ years of progressive experience as an Information Security Professional with a BA/BSc. (or higher) degree in Information Security or a related technical field.
- Extensive experience working in agile environments and with Continuous Integration / Continuous Delivery (CI/CD).
- Experience with C++ and Python for the purpose of code review.
- Completion of one or more certifications such as, but not limited to, CISSP, CISA, CISM, CEH, CCSP, GIAC, or ITIL.
- Extensive knowledge of CWE Top 25 and/or OWASP Top 10.
- Experience with common application security tools (e.g., static analysis tools, proxying / penetration testing tools).
- Ability to work collaboratively with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks.
- Knowledge of security standards and regulations such as NIST CSF, ISO 27001/2, FISMA, etc.
- Advanced knowledge in securing container and microservices technologies (Kubernetes).
- Knowledge of typical behaviors of malware and malware authors.
- Excellent communication and interpersonal skills with the ability to clearly identify and articulate issues.
- Ability to work towards aggressive deadlines in a timely manner.
- Proven problem solver with sound judgment who accepts ownership and accountability.
- Strong organizational skills with the ability to multitask in a fast-paced environment and manage multiple deadlines and priorities.
Bonus Points:
- Experience with GitLab.
- Experience with Pylint.
- Experience with AWS and/or Azure.