DevSecOps Analyst
About the role
An Initial AI Screening will be conducted for this role.
Contract Duration: 6 months
Typical Day in Role: The incumbent is responsible for supporting the Senior Manager, Director, CIO, and CSO in achieving enterprise security strategic goals through various processes, including:
- Contribute to the success of our cloud transformation by supporting the review and triage of the findings flagged by Cloud-Native Application Protection Platforms (CNAPP).
- Develop and/or enhance strategies and processes to manage the security vulnerabilities and threats for cloud-native applications.
- Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives.
- Leverage AI-assisted capabilities to support the triage and prioritization of CNAPP findings, improving signal-to-noise ratio and accelerating identification of true risk across cloud environments.
- Collaborate with stakeholders across the Bank — you will work closely with Development and Engineering, DevOps, Cloud, Application Security, and other application owner teams across the organization to deliver Cloud Security capabilities for the Bank.
- Utilize AI-driven insights and tooling to analyze cloud misconfigurations, identify root causes, and recommend effective remediation strategies.
- Review and recommend remediations for Cloud Workload Protection Platform (CWPP) vulnerabilities and Cloud Security Posture Management (CSPM) findings.
- Recommend, design, implement, deploy, and maintain Application Security controls required to protect Scotiabank and its customers.
- Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
Must Have Skills:
- 10+ years of relevant working experience in IT (development, DevOps, cloud security, etc.)
- 4+ years of experience with popular CI/CD tools and processes like Bitbucket/GitHub, JFrog Artifactory, Jenkins, Azure DevOps, GitLab CI/CD, CircleCI.
- 2+ years of experience with Cloud Security domains like CNAPP, CWPP, CSPM and/or tools like SCCE, CrowdStrike, Prisma Cloud, Aqua Enterprise, MS Defender, etc.
- 5+ years of experience with documenting processes, procedures, and user guides.
Nice-To-Have Skills:
- GCP PCSE Certification
- Experience with large organization cloud transformation.
- Experience as a DevSecOps Engineer, with demonstrated experience in security integration, automation of security processes, risk assessment and mitigation.
- GCP/Azure experience
Soft Skills Required: Excellent communication skills and skills in triaging and analysis of issues for all development teams. Proficient at collaborating with various stakeholders to achieve the objectives assigned.
Education: Undergraduate degree or equivalent experience; work experience is valued more.
FP Inc. is committed to creating an inclusive environment where all team members and clients feel like they belong. In accordance with the requirements set out in the Employment Standards Act, FP Inc. hereby declares that AI is utilized in the screening process for this position. The hourly compensation range for this role is $70/hr - $83/hr. We seek applicants with a wide range of abilities, and we provide an accessible candidate experience. We advocate for you and welcome anyone regardless of race, colour, religion, national origin, sex, physical or mental disability, or age.