As a member of CGI’s Global Security team, the candidate will play an integral role in defining and assessing the organization's application security strategy, architecture and practices. The candidate will work within a multi-disciplinary Cyber Security Architecture team to support business units and corporate functions to assess, develop and implement solutions that are aligned with CGI security policies, strategy and requirements.
Your future duties and responsibilities:
•Provide guidance on application security architecture, DevSecOps best practices & solutions to help business units to build & deliver solutions that meet CGI security requirements
•Develop threat models and maturity assessments that can be used to integrate CGI security requirements into projects & operations
•Create an application security observability framework to enable greater GSOC visibility by identifying best practices for logging within common application architectures
•Define and conduct application security threat and risk assessments with methodology for all deployed solutions with ability to integrate into development pipelines
•Conduct Secure SDLC workshops and working groups to facilitate a globally consistent set of security baselines for application security
•Advocate for AppSec and DevSecOps from research conducted into modern threats and new technologies such containerization and serverless computing
•Liaise with other security architects and global business units to communicate CGI security practices and processes
•Support identification, training, and partnership with champions for security across CGI to build a security first culture
•Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities
•Support development of training related to application security, security architecture, threat modeling, and secure coding
Required qualifications to be successful in this role:
•Experience with the full secure software or systems development life cycle, including requirements analysis, design, integration, testing, and implementation
•Knowledge of Application Security, DevSecOps, integrating security into CI/CD
•Hands on experience with application security testing tools and findings remediation
•Experience collaborating with developers to explain testing vulnerabilities so they can be resolved
•Experience with industry security standards and regulations (ISO 27001/02, NIST 800 series, GDPR, etc.)
•Knowledge of security and risk management techniques as well as emerging threats and vulnerabilities
•Knowledge of OWASP, Static and Dynamic Analysis, vulnerability management
•Experience in software design, or knowledge of modern DevOps processes
•Experience with application security in the Cloud - Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform
•Ability to develop threat models and participate in security walk-throughs
•Be able to lead multiple technology groups to ensure that the application, integration and security architectures are designed to meet evolving business requirements, standards for reliability, scalability and availability and align with the organization’s technology and security roadmaps
•Strong leadership and facilitation skills with an ability to build relationships with stakeholders
•Excellent oral, written and interpersonal communication skills; proven ability and interest to conduct research, develop technical products in both written format and with presentations to subject matter experts and leadership
•Highly self-motivated, self-directed and attentive to detail
•A University Degree in engineering, computer science or similar technical related area, with a minimum of 6-8 years' experience in AppSec role
•Relevant security certification(s), preferably in AppSec, including but not limited to CISSP, CCSLP, GIAC, OCSP, GPEN, etc. will be good to have
What you can expect from us:
Insights you can act on
While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.