You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Senior DevOps Security Engineer

Toronto, ON
Full Time
6 days ago
What is the opportunity?

Reporting to the Director of Capital Markets IT Risk, DevOps Security Engineer - you will provide technical leadership and execution in the area of application security services for the business and development teams. You will act as the subject matter expert to application developers and executives in terms of application security best practices, tools, processes and landscapes. You would also provide technical input on current, interim and target state Application

Security roadmap and be part of the exciting project management team to execute various Application Security projects to introduce and enhance application security capabilities at RBC CM IT.

What will you do?

  • Further secure our applications by investigating threats and assist development teams to quickly and easily develop new, secure code.
  • Triage and resolve security vulnerabilities in the application layer and work with engineering teams to find and implement solutions
  • Participate in and lead a range of application security activities from Business-as-usual (BAU) application security assessments to organizational changing project enhancements.
  • Lead application security assessments using static analysis (SAST) and third party scanning techniques; including the use of on premise security testing tools and vendor services.
  • Develop, build, implement and support automated integration solutions for tools in scope of DevOps and Automation.
  • Ensure applications are thoroughly security tested using industry best practices prior to promotion to production.
  • Research and keep up to date of application security emerging threats/technologies/trends.
  • Influence and steer the direction of QTS Application Security Roadmap.
  • Conduct application design reviews and guide engineers in building secure microservices that are in-line with our best practices and architecture
  • Educate key organizational stakeholders (e.g. developers, security consultants, executives) on application security matters and impacts on the organization.

  • What do you need to succeed?


  • 2-5 years of demonstrated application development experience in modern programming languages (e.g. Java, .NET, C/C++, JavaScript, JQL, LINUX
  • Shell Script, VB Script, HTML, SQL scripting, Python, Groovy); Must have the desire and willingness to learn/focus in the field of application security.
  • Strong understanding of web and mobile application architecture and development principles.
  • Exposure to application security best practices such as secure coding, security testing techniques.
  • Technical experience with either: SVN, MS TFS, Jenkins, GitHub, UCD, JMeter, CONFORMIQ, SonarQube, SoapUI, Docker, Nexus.
  • Strong communication and organizational skills, ability to multi-task and manage time effectively.

  • Nice-to-Have:

  • CISSP, CSSLP, CEH, GWAPT, GSSP certifications an asset.
  • Knowledge of OWASP, SANS or other security-related practices.
  • Hands on application security assessment experience using BlackDuck/Sonatype NexusIQ, IBM AppScan, Web Inspect, Burp Suite, HP Fortify or other security assessment tools.

  • What's in it for you?

    We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
  • A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
  • Leaders who support your development through coaching and managing opportunities
  • Ability to make a difference and lasting impact
  • Work in a dynamic, collaborative, progressive, and high-performing team
  • A world-class training program in financial services
  • Flexible work/life balance options
  • Opportunities to do challenging work

  • About RBC
    Royal Bank of Canada is Canada's largest bank, and one of the largest banks in the world, based on market capitalization. We are one of North America's leading diversified financial services companies, and provide personal and commercial banking, wealth management, insurance, investor services and capital markets products and services on a global basis. We have over 80,000 full- and part-time employees who serve more than 16 million personal, business, public sector and institutional clients through offices in Canada, the U.S. and 37 other countries. For more information, please visit .

    Inclusion and Equal Opportunity Employment
    RBC is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans status, Aboriginal/Native American status or any other legally-protected factors. Disability-related accommodations during the application process are available upon request.


    City: Toronto
    Address: 155 Wellington St West
    Work Hours/Week: 37.5
    Work Environment: Office
    Employment Type: Permanent
    Career Level: Experienced Hire/Professional
    Pay Type: Salaried
    Position Level: PL08
    Required Travel(%): 0
    Exempt/Non-Exempt: N/A
    People Manager: No
    Application Deadline: 11/30/2020
    Req ID: 280603

    Ad Code(s):
    Information Technology