Application Security Analyst Jobs

At Kinaxis, who we are is grounded in our common belief that people matter. Each one of us plays an important part in accomplishing our work, building our culture and making a global impact.
Every day, we’re empowered to work together to help our customers make fast, confident planning decisions. This is how we create a better planet – for each other, for our customers and for generations to come. Our cloud-based platform RapidResponse ensures that the products we need – everything from medicine and cars, to day-to-day items like toothpaste – make it to market and into our hands when we need them with minimal ecological footprint.
We make the world better, and you can too.
Job Title: Application Security Analyst
Job location: (Ottawa, Ontario, CA - Hybrid; other North - American Locations - Remote)
About the role
Reporting to the Senior Director of Global Information Security, the Application Security Analyst is responsible for identifying and remediating security related flaws across Kinaxis’ software applications and digital services, to promote a secure posture, and to conform these systems to the information security standards and policies.
As a strong collaborator and team player, the candidate will partner closely with stakeholders across the business, including from Corporate IT, Cloud Services, Product Development, and technology partners to contribute to the implementation of adequate security solutions and controls. The candidate will also mitigate cyber risks, respond to incidents, and produce evidence for regulatory requirements, with the goal of achieving business objectives.
As a key player in the development, implementation and maintenance of a company-wide information security infrastructure, the candidate will partner with stakeholders to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance within the context of risk tolerance for both cloud and on-premise environments.
What You Will Do

• Monitor application security trends and evolving technologies and keep senior management informed about related application security issues and implications for the Company.
• Arrange or conduct vulnerability and penetration tests against defined systems.
• Identify and propose key application security priorities, initiatives, plans, practices and tools.
• Collaborate across the company to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.
• Participate in the Security Incident Response Process
• Integrate static and/or dynamic code analysis tools into the SDLC
• Assist with emergencies and incident response after hours should the need arise
• Build a governance process for Software Developers to execute secure development principles and best practices (e.g. OWASP Top 10).
• Perform technical risk assessments and reviews of new and existing applications and systems
• Identify information security risks at the application level, at each stage of development, and proactively work to ensure that risks are identified, assessed and mitigated across the business.
• Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and provide recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
• Assist with disaster recovery and business continuity planning

What You Should Have

• Two years of hands-on experience in Information Security Auditing.
• Hands-on experience with vulnerability management and penetration testing tools:
• Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. some of SSAE16, SOC 2, C5, PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO27000, CobiT, ISF, OWASP, ITIL, ATT&CK)
• Strong written and oral communication skills
• Education background in Information Security, Computer Science, Information Management Systems, or equivalent.
• Successful candidate must be able to fulfill all security and confidentiality thresholds for this position (criminal background check)
• 4+ years of experience identifying and mitigating risks to software applications; high-tech, global environment preferred
• Bonus if you have a published CVE discovered by you.
• Eg: NMAP, Nessus, Burp, ZAP, Nexpose, BackTrack, Kali Linux, Metasploit, etc
• Some relevant certifications, such as CASE, ASVS, CISSP.
• Technical skills relevant to Application Security such as secure coding standards, application security testing, Java programming, ethical hacking techniques, cloud security architecture, vulnerability and threat management

What we have to offer

• Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large.
• Great People - We take our work seriously, but we don’t take ourselves too seriously! It’s in our DNA to celebrate, laugh, and have fun. We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success.
• Diversity, Equity and Inclusion - Diversity, equity and inclusion are more than words to us. They are the guiding principles for building a culture where we celebrate each others’ differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen.
• Challenging Work - We love solving highly complex problems. And as the global leaders in our industry, we never stop innovating—our work is never “done. That’s because across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they’re passionate about.

For more information, visit the Kinaxis web site at www.kinaxis.com or the company’s blog at http://blog.kinaxis.com/ .
Kinaxis strongly encourages diverse candidates to apply to our welcoming community. We strive to make our website and application process accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at [email protected] . This contact information is for accessibility requests only and cannot be used to inquire about the status of applications.