
Senior Lead, AppSec and CloudSec Operation

Job in Toronto, Ontario, M5A, Canada
Listing for: Scotiabank
Full Time position
Listed on 2026-03-07
Job specializations:
  • IT/Tech
    IT Consultant, Cybersecurity
Job Description & How to Apply Below

Is this role right for you?

In this role, you will:
  • Collaborate with stakeholders across the Bank – you will work closely with development and engineering, DevOps, cloud, application security and other application owner teams across the organization to deliver Application Security capabilities for the Bank.
  • Recommend, design, assess, implement, deploy and maintain AppSec controls required to protect Scotiabank and its customers.
  • Be responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
  • Be responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
  • Be responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

  • 7+ years’ relevant working experience in IT (cloud security, application security, etc.).
  • 5+ years’ experience with documenting processes, procedures, and user guides.
  • 5+ years’ experience practicing application security (SAST, DAST, SCA, MAST) throughout the Secure Software Development Lifecycle (SSDLC), with demonstrated experience in vulnerability assessment, security integration, automation of security processes, risk assessment and mitigation.
  • 2+ years’ experience with popular CI/CD tools and processes like Bitbucket/GitHub, JFrog Artifactory, Jenkins, Azure DevOps, GitLab CI/CD, CircleCI.
  • Excellent communication skills and good support skills for triaging and analysis of issues for all development teams.
  • Proficient at collaborating with various stakeholders to achieve the objectives assigned.
  • A strong understanding of multi-tier web applications, web services, and related vulnerabilities and potential threats. Staying abreast of information provided by recognized organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures).
  • A comprehensive understanding of web application architecture and development throughout the Secure Software Development Lifecycle (SSDLC).
  • A comprehensive understanding of the HTTP protocol and web programming for multi-tier web applications and web services.
  • Experience with more than one of the following languages:
    Java, Swift, Kotlin, React, Angular, JS, Ruby, Python, C# and Node.js.
  • Experience performing source code reviews manually or using analysis tools is essential. Analysis tools such as:
    Fortify SCA, SonarQube, Black Duck, Checkmarx, Snyk, WebInspect, etc.
  • Experience in an Agile development workshop and leveraging tools such as Confluence, JIRA, Bitbucket, Gradle, Maven and Jenkins is essential.
  • Knowledge of technologies and processes such as Agile Software Delivery, Continuous Integration and Continuous Delivery, DevOps, GitOps, Cloud Native Technologies including Docker Containers, Kubernetes, and Deployment Automation & Orchestration.
  • The ability to generate reports and tailor their communication strategy for various levels of technical staff, executive management, and business clients. Experience with reporting tools such as Cognos, Jasper Report and Microsoft Power BI would be an asset.

Education Experiences:

  • CISSP and/or CISA designations are beneficial but not required.
  • CEH, OSCP, OSWE designations are beneficial but not required.
  • University degree or college diploma, and a minimum of five (5) years equivalent security industry-related experience required.

What's in it for you?

  • Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide…
  • Position Requirements
    10+ Years work experience