Senior Security Specialist

We are looking for a full-time Senior Security Specialist to join our team in Calgary, Alberta; however, this role can be remote from other locations in Canada. 

The successful candidate has deep technical experience across different application and enterprise security domains, and has hands-on experience using cutting-edge security applications. Moreover, the candidate wants to take their knowledge and experience to the next level. They will help lead policy and governance activities. The candidate will work horizontally and vertically throughout the company to plan and execute security initiatives, including policy and governance.  The successful candidate will have well-developed soft skills which will allow them to represent the company to external partners when the occasion calls for it; but on a day-to-day basis, this role requires hands-on ownership over all aspects of our security posture.  This is a tremendous opportunity for a well-rounded professional to directly impact the growth of a high-velocity startup.

What You'll Be Doing:

• Work closely with the Product and Engineering teams to ensure  that all products are aligned with application security, enterprise security and compliance best practices

• Consult across departments to maintain our policy and governance requirements

• Act as a Cybersecurity Subject Matter Expert (SME) and provide input to enterprise  IT processes. For example, the candidate will be the cybersecurity representative in the Change Management process and will ensure that all changes meet security standards & requirements

• Assist in enhancing the current Enterprise security controls and requirements

• Conduct periodic risk assessment across the enterprise and products

• Support in the development of revisions to cybersecurity documents such as policies, standards, guidelines, and/or technical procedures

• Be a key resource in DevSecOps practices. You will be working along the DevOps team to develop and maintain security automation in the CI/CD pipeline and in testing environments

• Actively participate in the following domains: Incident Response, Identity & Access Management, Threat Intelligence, Crisis Management, Data Security, Vendor Risk Management

• Support client side team on completing RFPs or security due diligence documents

• IT responsibilities such as access/role management and remote device monitoring

Qualifications:

• 7+ years of demonstrable working experience in cloud application security as well as enterprise security.

• Hands-on experience in most of the following domains: Logging & Monitoring, Vulnerability Management, Information Security, Penetration Testing, Digital Forensics, Network Security.

• Hands-on experience in using enterprise-tools used for SAST, DAST, and SCA.

• Knowledge of practices and frameworks such as: Agile, DevOps, OWASP ASVS, OWASP Top 10, OWASP API, NIST CSF, ISO 27001/27002, SOAR, SOC

• Have experience working as a Software Developer and/or be familiar with modern agility-based development practices 

• Fintech or Financial Services experience is strongly preferred but not required.

• Relevant cybersecurity certifications are a bonus.

• Culture: It’s fun, rewarding, face-paced - and we build cool stuff, too! Learn more here: https://www.onevest.com/company/culture
• Vacation: 5 weeks of vacation
• Flexibility: A flexible, dog-friendly, hybrid working environment
• Health & Wellness: Comprehensive Group Health, Dental and Vision Benefit Plan right from the start
• Equity: Employee Stock Option Purchase Plan 
• Opportunity: An environment where you are recognized and growth opportunities are available

Sound like a good fit? Apply today! 

Don’t meet every single requirement? We encourage you to apply anyways. At OneVest, we're dedicated to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we would still like to review your resume. You may be just the right candidate for this or other roles.