The Canadian Digital Service (CDS) is tasked with changing how the federal government designs and delivers digital services, to reduce the risk of product failure, lower costs, ensure user privacy and system security, and, above all, improves people’s lives by putting their needs and concerns front and center.
We believe every experience Canadians have with their government should meet or exceed their reasonable modern expectations that digital services be safe, fast, easy, transparent, and accessible. Working in the open, we’re building capacity across the government for better service delivery. And we need you. We’re hiring a Senior Application Security Developer. While we have locations in Ottawa, Montreal, Toronto, and Kitchener; we largely work distributedly and equally value candidates in other parts of Canada.
This position reports to the Lead Security Developer of the Infrastructure, Security and Technical Support (ISTS) team. We work in small multidisciplinary agile teams utilizing a modern, forward-thinking approach to security. We focus on self-service tooling, proactive security monitoring and providing the education required to solve cross-cutting cyber security challenges across CDS. Senior Application Security Developers are classified as IT-04 (previously CS-04 in the Computer Systems group.
You’ll need to accomplish the following things:
As a Senior Application Security Developer you’ll play a leading role in driving the direction of our security engineering capability and shape the tools that we create, ensuring they’re reliable, supportable, maintainable and aligned to industry best standards.
You will also:
- plan, prioritize and deliver security tools and solutions
- lead application security reviews and threat modeling, including code review and dynamic testing
- guide and advise product development teams as subject matter expert in the area of application security
- correctly balance security risk and product advancement
- maintain and participate in operational support rotas, including our out-of-hours on-call rota
We’re interested in people who:
- understand that security isn’t just a technology problem
- have successfully delivered effective technology solutions that reduced risk and improved the security of an organization
- Exposure to DevOps (Terraform, Github) and DevSecOps tools & Security Automation frameworks (SAST, DAST, IAST, SCA, Pentesting, Manual Code reviews, SSDLC, WAF and Bot Protection tools tuning and Hardening, Threat Modeling)
- Knowledge of AWS
- have an active interest in developing people, both personally and professionally
- can effectively operate at a strategic level in setting goals and long-term roadmaps, as well as in a technical hands-on capacity
We’ll evaluate you based on:
We will be looking at your experience, career history and achievements that are relevant to the specific job role. We may assess your ability, strength, experience, technical/specialist skills and behaviors.
- strong understanding and experience with common security libraries, security controls, and common security flaws
- strong understanding of the web’s architecture
- strong development or scripting experience and skills. You’re able to significantly and effectively contribute to the product and its security
*A pool of qualified persons resulting from this process MAY be created and MAY be used to fill similar positions, with linguistic profiles (english essential, bilingual imperative BBB/BBB, bilingual imperative CBC/CBC, as well as tenures (indeterminate, deployment, acting, assignment, secondment, specified period) which may vary according to the position being staffed.
At CDS, we don’t just accept difference - we celebrate it. We proudly, passionately, and actively strive to make CDS more reflective and inclusive of the society that we serve. Our ability to deliver better public services — accessible, inclusive services — can only be realized if we can recognize and harness the most diverse range of thoughts, experiences, and skills. We work hard to create an environment where different perspectives and experiences are valued. We are committed to helping diverse talent thrive.
CDS welcomes all applicants regardless of race, ethnicity, religion, sexual orientation, gender identity or expression, national origin, disability, age, veteran status, marital status, pregnancy or family commitments. We are committed to providing an inclusive and barrier-free work environment, starting with the hiring process. If you need to be accommodated during any phase of the evaluation process, please use the Contact information below to request specialized accommodation. All information received in relation to accommodation will be kept confidential. Assessment accommodation