Information Security Developer
Vancouver, BC, Canada
We’re looking for an Information Security Developer to help us secure our product and corporate technologies. You’ll be working on identifying and recommending fixes for security bugs, design, develop and deploy security technologies, perform code reviews & penetration tests and provide advisory & guidance on security solutions.
WHAT YOU’LL DO:
- Work closely with software development staff to develop tools and practices to support Hootsuite’s Secure SDLC and controls framework
- Develop significant security engineering components from inception to production with minimal oversight and guidance
- Support the technical components of our incident response team by executing operational runbooks as required
- Support and advise the Production DevOps teams in the design and implementation of a secure cloud hosting platform
- Recommend and deploy tooling to manage security in the delivery pipelines as well as production systems
- Conduct security assessments of applications by doing code reviews and provide mitigation recommendations
- Perform penetration tests of applications using manual and automated methods to identify vulnerabilities
- Provide advisory on security bug remediation to development staff and other security staff
- Provide security awareness training to highly technical development and development operations staff
- Participate in Hootsuite’s security incident on-call rotation schedule
WHAT YOU’LL NEED:
- Degree or Diploma in Computer Science or Engineering, along with cloud engineering certifications or willingness to obtain
- Intermediate-level experience in one or more of the following roles - application architect, system architect, software developer, system administrator
- Prior experience as a software developer is an asset or having the ability to read and understand PHP, Scala and Golang source code
- Experience working in a cloud (preferably AWS) environment with CI/CD along with extensive familiarity with Unix / Linux based operating systems
- Solid understanding of application and database security concepts and architectural principles around authentication, authorization, session management, configuration management, data handling and cryptography
- Thorough understanding of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities
- Experience in providing solutions to and leading numerous security vulnerability remediation activities
- Specific experience in dynamic application security testing using techniques and tools like Burp Suite, Nikto, Appscan, Paros, Fiddler, WebInspect, Skipfish, etc.
- Collaboration and Teamwork: works with others to deliver results, meaningfully contributing to the team and prioritizing group needs over individual needs
- Creativity and Innovation: seeks new and better ways of doing things, generates original and imaginative ideas, products, or solutions
- Customer Focus: demonstrates a desire to proactively help and serve internal/external customers meet their needs
- Open Communication: clearly conveys thoughts, both written and verbally, listening attentively and asking questions for clarification and understanding
- Problem Solving: uses an organized and logical approach to find solutions to complex problems. Looks beyond the obvious to understand the root cause of problem
- Challenges and supports others to create results but also develop new capabilities. Successfully develops the capacity and capability of team and individuals on the team
WHO YOU ARE:
- Tenacious. You are determined to succeed, and you are motivated by the success of customers, colleagues and the community.
- Curious. You are always learning and seeking ways to make things better.
- Conscientious. You keep your promises, taking your commitments to others seriously, and you have strong integrity.
- Humble. You lead with humility and empathy, respecting and learning from the perspectives of others.
Share our values: We champion the power of human connection. We’re united globally by our shared values of innovation, grit, humility, and passion for customer success.
Make an impact: Working at the speed of social, we create value for our customers by delivering solutions that power relationships at scale. Our pace of work enables fast learning and fosters an environment where you can stretch yourself and make an impact.
Learn and grow: We’re committed to growing the capabilities of our people. We are building a learning community where you can work with diverse individuals, explore new ways of thinking, and expand your capabilities. Our employees are teachers and learners who work out loud and share their knowledge to enhance each other’s growth.
We are dedicated to building a diverse community, one where employees feel a sense of belonging, and are valued for their contributions and the perspectives they bring. Our purpose is to champion the power of human connection and the heart of connection is inclusion. You belong here.
Accommodations will be provided as requested by candidates taking part in all aspects of the selection process.
Your application has been successfully submitted.