Insight Global is looking for an Application Security Engineer to join one of Canada's largest athletic apparel retailers, lululemon, located in Vancouver, BC on a 6-month contract + extensions. The Enterprise Engineering team at lululemon focuses on educating, instilling, and supporting the core engineering principles across the organization. As part of this team, you'll be essential in introducing and driving security tooling, process and standards across the Technology org. A passion for security, technical understanding, and the ability to understand technical concepts is a must in representing the value of the security cultural shift clearly and concisely.
Your responsibilities will include working with principal architects and technology leads to create and define enterprise security standards in this role. A significant component of your time will involve qualifying security tools and defining and documenting security processes and standards to a level of detail ready for Enterprise delivery. You will work across all lulu software engineering teams to implement and support the solutions your team creates. In addition, you will provide consultancy and act as an SDLC security advisor across the technology organization. And to keep current with evolving threats and be an influence on our security roadmap, you will stay abreast of industry best practices, technologies, architectures, trends, and emerging technologies. You will be part of a newly formed team, empowered to request and participate in meetings to understand and review the current security risks so that you can introduce and update security practices in the lulu engineering community.
A day in the life
Design, assess, and review application security architecture.
Discover, analyze, and address security issues within our environment
Penetration testing, red teaming, and purple teaming
Champion security programs and training within our engineering teams
Compile and maintain application security best practices documentation (e.g. OWASP Top 10)
Develop processes and tooling to improve application security while tracking outcomes and metrics to ensure goals are achieved
Assist with the design and development of our application security program
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/
5 years of Application Security experience, mainly supporting Web Applications
Excellent understanding of Web technologies (JavaScript, HTTP, SSL, Headers, Cookies, TCP, Caching)
Experience with standard Web Application testing tools for DAST and SAST, etc.
Experience in Web Application Penetration Testing using Burp Suite or similar tools
Expert-level knowledge in the OWASP Top 10 vulnerabilities and remediation best practices.
AWS and Azure experience Security & Infrastructure
Familiar with cloud security controls: AWS Security Hub, Config, GuardDuty, Macie, and AWS Firewall Manager; and Azure Security Center
Some experience working with Jenkins, Docker, Python, Java would be a plus.
Strong Linux skills, especially experience running web servers
Exposure to task management software such as JIRA, etc.
Experience with some of the following products: Oracle ATG, Adobe AEM/CQ
Ability to design secure and scalable systems in the cloud.
Worked with an enterprise Java application container such as Tomcat, WebSphere, or WebLogic.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.