Security Engineer I (Application Security Engineer)

OverviewWant to use your expertise to connect to an IT career with a difference? Join our team as a Security Engineer I and help shape the future of secure applications that protect millions of British Columbians. Your expertise will ensure safe workplaces and innovative digital solutions in a dynamic, collaborative environment.In this role, you’ll leverage your understanding and experience of application security engineering practices and vulnerabilities to provide guidance on application security design and development. You’ll work closely with cross-functional development and innovation teams to understand business goals, determine security requirements, design, and implement application and data security solutions. You’ll be a key contributor to support the team’s delivery and continuous improvement by assisting others with their work and being the champion of IT application security through your contribution to our security community of practice.How you’ll make a difference: As a Security Engineer I at WorkSafeBC, you’ll be using leading-edge technology to help connect British Columbians to healthy and safe workplaces.Where you’ll workAt WorkSafeBC, we offer a hybrid work model that combines working remotely, and in our offices based on the operational needs of the position.What you'll doAs an Application security engineer I you will: • Develop and maintain application secure coding standards, cloud security configurations and practices according to the industry best practices • Perform design, development, integration and sustainment of security assessment tools i.e. Burpsuite, Mend, SonarQube, etc. to review applications built by development teams • Review the product/application designs (including AI technologies) by performing threat modelling for the identification and mitigation of security threats • Perform validation and tuning of security testing tools use for SAST, DAST, SCA e.g. BurpSuite, SonarQube, Mend to provide accurate and actionable results • Work closely with senior security engineers to conduct security reviews of cloud technologies, software code (.Net, C#, Python, etc.), products and application code • Conduct penetration testing of internal and external web applications to identify vulnerabilities. • Work on implementing security controls in the cloud platforms and services i.e. Azure security policies, Microsoft Foundry security policies, etc. • Consistently models the appropriate level of organizational behaviours expected of all WorkSafeBC employees: responsive, respectful, fair, collaborative, accountable, and forward thinking. Is this a good fit for you?We’re looking for someone who can: • Communicate effectively both verbally and in-writing with cross-functional teams to provide feedback on product and design improvements from cybersecurity perspective • Support and work with cross-functional teams in a dynamic Agile and DevOps environment • Provide guidance to application developers on secure coding practices and secure configurations of cloud technologies. • Understand security tools and platforms to identify vulnerabilities in cloud platforms, software products, and application code • Think critically through complex problems and make decisions that may impact multiple levels of business, projects, or programs • Be familiar with cybersecurity frameworks i.e. NIST, OWASP top 10, etc. • This position requires regular and punctual attendance. Your experience and educational background: • Undergraduate degree in Computer Science or STEM (Science, Technology, Engineering or Math) • A minimum of 4 years of work experience focused on information security and secure application development. The following requirements are preferable but not mandatory: • Experience working in an Agile/DevOps environment We’ll consider an equivalent combination of education and experience.Important to knowBefore we can finalize any offer of employment, you must: • Consent to a criminal record check • Confirm you’re legally entitled to work in Canada WorkSafeBC’s COVID-19 Employee Mandatory Vaccine Policy (the “Policy”) is suspended effective January 9, 2023, however we reserve the right to re-implement it in response to changes in the public health landscape, including public health orders. We are committed to the protection, health, and safety of our employees and our Communicable Disease Prevention Program and related protocols remain in effect.Who we areAt WorkSafeBC, we promote safe and healthy workplaces across British Columbia. We partner with workers and employers to save lives and prevent injury, disease, and disability. When work-related injuries or diseases occur, we provide compensation and support injured workers in their recovery, rehabilitation, and