Systems Security Consultant

Description

Job Summary: Join a purpose-driven winning team committed to results, ensuring comprehensive security in the software development lifecycle through DevSecOps, automation, and AI. Key Highlights: 1. Integrate DevSecOps, automation, and AI for software security 2. Define and apply security policies in the DevOps cycle 3. Train teams on secure coding practices Requisition ID: 254138 Join a purpose driven winning team, committed to results, in an inclusive and high\-performing culture. **Purpose** Ensure comprehensive security throughout the software development lifecycle by implementing DevSecOps practices, automating controls and processes, and leveraging artificial intelligence technologies for threat detection, prevention, and response. Foster a security-conscious and collaborative culture among development, operations, and security teams. **Responsibilities** * Maintain a customer-centric culture across your team to deepen client relationships and leverage the Bank’s extensive relationships, systems, and expertise. * Security Design and Implementation: Define and apply security policies within the DevOps cycle, integrating automated controls into CI/CD pipelines. Implement and maintain static, dynamic, and software composition analysis tools (SAST, DAST, SCA). Automate vulnerability management and remediation using scripts, playbooks, and orchestration solutions. * Automation and Efficiency: Develop and integrate automation solutions for security testing, deployments, and continuous monitoring. Use infrastructure as code (IaC) to ensure secure and repeatable environment configurations. * Artificial Intelligence and Analytics: Apply machine learning techniques and advanced analytics for vulnerability detection, event correlation, and vulnerability resolution. Evaluate and implement AI solutions for alert prioritization and risk prediction. * Culture and Training: Train development and operations teams on secure coding practices and the use of automated tools. Promote adoption of security best practices and shift\-left mindset. * Collaboration and Compliance: Work collaboratively with Risk, Compliance, and Audit functions to ensure adherence to regulatory frameworks (OWASP, NIST, ISO 27001\). Participate in incident management, forensic analysis, and continuous process improvement. * Collaborate effectively with other teams, including Risk, Compliance, and Technology, to implement best practices across various domains. * Audit and strengthen code, existing processes, and automation of security tools (DevSecOps, PrimeCode). * Understand the Bank’s risk culture and how risk appetite must be considered in daily activities and decisions. * Successfully and securely integrate new versions of source code from Systems Engineering applications into the Bank’s and/or Brokerage House’s production environments, in accordance with the institutional Change Control process. * Ensure application changes are traceable, secure, and that only authorized, tested, and correct versions of source code are deployed to the Bank’s and/or Brokerage House’s production environments. **Education / Experience** * Bachelor’s degree in Computer Science, Information Engineering / Information Systems or equivalent experience. * Excellent understanding of information security concepts, protocols, tools, best practices, and strategies. * Experience with common information security management frameworks and best practices from SANS, OWASP, NIST, etc. * Technical Knowledge: Solid foundation in cybersecurity. Experience with DevSecOps tools: Jenkins, Bitbucket CI, SonarQube, Checkmarx, Snyk, Burp Suite, etc. Programming in Python, Bash, PowerShell, and at least one high-level language (Java, C\#, Go, etc.). * Knowledge of Cloud Security (AWS, Azure, GCP). * AI and Analytics: Basic/intermediate knowledge of machine learning, LLMs, TensorFlow, and model training applied to security (anomaly detection, threat classification). * Excellent verbal, written, and interpersonal communication skills, including deep knowledge and understanding of risk, vulnerability, and related concepts as a means to align business needs with security controls. * Comfortably work independently and collaboratively within Lean DevOps cultures. * Desirable experience with NonStop tools (Enform, Pathway, Spoolcom, FUP, SQL, etc). * Desirable knowledge of programming languages (TAL, Cobol, C, C\+\+, TACL) **At Scotiabank, we value the unique skills and experiences each person brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. All employees must comply with the Bank’s policies, standards, codes, and guidelines related to non\-discrimination and workplace accommodations.****”If you require any accessibility accommodation during the process, please inform our Talent Attraction team”** **\*\*Under no circumstances do we request pregnancy or HIV tests\*\*** Location(s): Mexico : Ciudad de México : Miguel Hidalgo Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets. At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.