Application Security Consultant - SCA - Global Security

About The Position

Requirements

• Familiarity with or interest in application security best practices; exposure to secure coding principles
• Experience supporting or working with SCA tools, or demonstrated interest in application security and dependency management
• 2+ years of professional experience developing and consuming REST APIs and applications
• Basic understanding of open-source security; experience managing or evaluating dependencies (will expand expertise on the job)
• Strong proficiency in at least one primary language: Python, Java, JavaScript, or .NET
• Solid understanding of HTTP protocols, API design patterns, and RESTful principles
• Experience working with relational databases and SQL
• Hands-on experience with CI/CD tools and pipelines (Jenkins, GitHub Actions, GitLab CI) and understanding of DevOps and DevSecOps approaches
• Experience with Threat Modelling and Risk Assessment activities
• Understanding of agile methodology (Scrum, Kanban)
• Experience with data visualization or analytics tools
• Knowledge of software design patterns and SOLID principles
• Knowledge of OWASP, SANS, or other security-related frameworks
• Passion for or demonstrated interest in application security and secure coding practices
• Willingness to learn and grow in application security specialization
• Strong ability to manage client and stakeholder relations
• Strong problem-solving skills and attention to detail
• Ability to work collaboratively in an agile, cross-functional team environment
• Excellent communication and documentation skills

Nice To Haves

• Understanding of testing frameworks and test-driven development (TDD)
• Experience with NoSQL databases (MongoDB, DynamoDB, etc.)
• Familiarity with message queues or event-driven architecture (Kafka, RabbitMQ)
• SAST/DAST testing tools and techniques
• Penetration testing experience
• Cloud platforms (AWS, Azure, GCP)
• Containerization and microservices (Docker, Kubernetes)
• Code quality and security tools (SonarQube, static analysis, code coverage)
• Monitoring and logging tools (ELK stack, Datadog, New Relic)
• Caching technologies (Redis, Memcached)
• Contributions to open source projects
• Experience with system design and scalable architecture
• Knowledge of distributed systems concepts
• Demonstrated experience leveraging AI platforms (ChatGPT, OpenAI, Claude) to enhance productivity, automate workflows, and generate insights

Responsibilities

• Support end users of application security testing tools, managing tickets through a ticketing platform
• Prioritize and triage SCA scan results, communicating needs and recommendations to application teams
• Act as a primary point of contact for application teams, bridging security and development functions
• Drive security practices and improve security posture across the enterprise by working with application development teams
• Educate key organizational stakeholders (developers, security consultants) on application security matters and open source vulnerabilities
• Assist in the integration of application security processes and tools into existing enterprise development processes and pipelines
• Participate in and lead a range of application security assessment activities
• Contribute to the design and implementation of application security testing workflows and troubleshoot tool configurations and resolve scanning issues
• Design and develop RESTful APIs following best practices, security standards, and industry guidelines
• Write clean, maintainable code for data processing, manipulation, and analysis
• Leverage open source packages and libraries responsibly, understanding their security implications and vulnerabilities
• Collaborate with senior developers, security consultants, and cross-functional teams to deliver quality solutions and advance security initiatives
• Participate in code reviews and contribute to continuous improvement of security and development practices
• Debug and troubleshoot applications to resolve security and functional issues efficiently
• Document code and maintain technical documentation including security considerations
• Contribute to the full software development lifecycle from design through deployment, with security integration
• Proactively solve problems to ensure application development teams can effectively use the latest application security testing tools
• Research and keep up to date on application security emerging threats, techniques, tools, and trends
• Participate in system design discussions and architectural decisions with a security lens
• Learn from and mentor with senior security and development team members to continuously improve your security expertise
• Work in a diverse environment leveraging team members' experience and knowledge

Benefits

• bonuses
• flexible benefits
• Competitive compensation
• stock opportunities
• Leaders who support your development through coaching
• Ability to make a lasting impact on RBC's security posture across the enterprise
• Work in a dynamic, collaborative, high-performing security and development team
• World-class training in financial services and application security
• Flexible work/life balance options
• Opportunities for challenging work in a hybrid environment