We are looking for a Product Security Developer/Analyst. The ideal candidate will use their extensive knowledge of secure coding best practices within the software development lifecycle to raise the security bar across all of Absorb's product development teams.
Founded in 2003, Absorb Software is a learning technology company, headquartered in Calgary, with offices in Boston, Dublin, London, and Sydney.
Absorb LMS is our award-winning, flagship product for businesses and higher education institutes around the world.
You might not know what a learning management system is, but you've probably used one; maybe for a safety course or corporate policy video. Now imagine it's awesome—not snooze-worthy—and you're starting to get the idea!
We're a team of savvy professionals channeling our youthful spirit into industry-leading technology. As a diverse group of talented people from all walks of life, we're about as far from "corporate" as it gets. We believe in a fun, open and modern work environment with benefits and initiatives that have us ranked as one of Canada's Top Small & Medium Employers. Sounds like a place you'd want to work, right?
Why work at Absorb Software:
All the perks:
- Paid parking
- Full benefits (health, dental and vision)
- Employer matching GRSP program
- A creative space designed to encourage collaboration
- Quality snacks - not kidding
Our office is located inside the Atlantic Avenue Art Block, directly above Bite Groceteria and Cafe Gravity. It sits in the vibrant community of Inglewood, a historic area home to many restaurants, shops and art & culture venues. We are just minutes away from downtown Calgary but able to skip the downtown traffic.
A creative space:
- Lively Open Concept workspace
- Eight Xbox One consoles with seating for 16
- Foosball and table hockey
Primary Duties and Responsibilities:
Increase security awareness across the product team:
- Provide guidance and technical leadership to team members with respect to application security, taking teaching opportunities as much as possible.
- Lead technical discussions on security topics.
- Perform code reviews/audits with a focus on security best practices.
- Lead product team members through threat modeling exercises.
- Train QA and developers on specialized security testing techniques using tools like Burp Suite/ZAP Proxy.
Hardening the software development process:
- Implement elements from the Microsoft SDL into current Production development processes.
- Maintain and improve usage of static code analysis and automated security scanning tools.
- Review, analyze, and provide recommendations on third party tools, libraries, and vendors from a security perspective.
- Design process and security controls to ensure best practices are followed and understood by developers when working with sensitive data.
Incident Response and Reporting:
- Analyze, confirm, and assess the risks of any reported security vulnerabilities, assessing information security exposures.
- Perform penetration testing of applications and infrastructure with a focus on application code and services, and also engage third parties to perform penetration tests.
- Analyze security incidents to determine their root cause and recommend remediation actions.
- Help develop and maintain proactive monitoring rules for security events and incidents using tools like SumoLogic/Splunk.
- Provide expert knowledge to assist with the development and maintenance of corporate principles, policies, and procedures related to information security.
- Fix vulnerabilities and deficiencies with security controls in the application code and ensure automated tests exist to verify fixes where possible.
- Solid understanding of Secure Software Development Lifecycle (SSDLC), threat modelling and OWASP standards
- CISSP or similar accreditation
- Working knowledge of Identity Management/SSO (OAuth, OpenID Connect, SAML)
- Excellent report writing and communication skills.
- Ability to work well independently and with a team.
- Effectively communicate technical concepts to non-technical stakeholders.
- Ability to manage time effectively between tasks with different priorities.
- Able to effectively communicate directly with external customers and vendors.
- Knowledge of SOC-2, ISO 27001 and PCI
- Working knowledge of Microsoft SDL
Applicants must be able to provide proof of legal authorization to work in Canada and for Absorb Software Inc.
Job Type: Full-time
- SSDLC, threat modelling and OWASP: 3 years (Preferred)
- Microsoft SDL: 3 years (Preferred)