You're using an older version of Internet Explorer that is no longer supported. Please update your browser.
Teck Resources

Application Security Analyst

Calgary, AB
Full Time
2 days ago
External Job Description
Key Accountabilities:
• Conducting vulnerability assessments and penetration testing in cloud and on-prem environments against applications (web, mobile, APIs and desktops).
• Analyzing vulnerabilities and delivering clear and coherent written reporting, identifying risks, and providing mitigation recommendations
• Design and implement security automation as part of the continuous integration (CI) and continuous delivery (CD) pipeline of key Business teams in order to proactively uncover security vulnerabilities in a shift-left approach
• Design and Implement secure architecture to protect the confidentiality, integrity, and availability of the CI and CD pipelines of key Business teams
• Work effectively with various stakeholders from development, quality assurance (QA), program management, and security teams
• Work with various stakeholders and business teams to provide security automation tools maintenance training
• Build internal knowledge, processes, KPIs, and tools
• Create artifacts for various stakeholders and customers
Key Competencies:
• 5+ cyber security expertise
• Minimum 3+ years experience in application security (preferably with DevSecOps Implementation)
• Understanding of DevSecOps / CI/CD Integration and Agile Security testing methodology
• Good understanding of secure software development lifecycle processes across technologies
• Strong knowledge on methodologies like OWASP , SANS etc.
• Ability to conduct vulnerability assessment and penetration testing using popular tools e.g. Fortify, Veracode, Rational AppScan, BurpSuite, etc.
• Understanding of DevSecOps / CI/CD Integration and Agile Security testing methodology
• Security Certifications preferred - CEH, OSWE, CSSLP, GWAPT
• Experience of at least one cloud platform (Azure, GCP).
• Experience in at least one scripting language (Bash, Python, Ruby etc)
• Experience containerization and Kubernetes
• Experience of automating and templating security processes and documentation for compliance purposes.
• Experience of at least one Infrastructure as Code solution (Terraform, SCALR, Ansible, Chef etc)
Successful candidates must be fully vaccinated against infection by COVID-19. Candidates who are unable to be vaccinated due to a personal characteristic protected under applicable human rights legislation may request to be exempt from this requirement. We will do our best to accommodate those who are unable to be vaccinated.

About Teck
At Teck, we value diversity. Our teams work collaboratively and respect each person's unique perspective and contribution.
We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.
Teck is a diversified resource company committed to responsible mining and mineral development with major business units focused on copper, steelmaking coal, zinc and energy. Headquartered in Vancouver, Canada, its shares are listed on the Toronto Stock Exchange under the symbols TECK.A and TECK.B and the New York Stock Exchange under the symbol TECK.

The pursuit of sustainability guides Teck's approach to business. Teck is building partnerships and capacity to confront sustainability challenges within the regions in which it operates and at the global level. In 2018, Teck was named to the Dow Jones Sustainability World Index (DJSI) for the ninth straight year, indicating that Teck's sustainability practices rank in the top 10 per cent of the world's 2,500 largest public companies in the S&P Global Broad Market Index.
Learn more about Teck at or follow @TeckResources
Your application to this posting is deemed to be your consent to the collection, use and necessary disclosure of personal information for the purposes of recruitment. Teck respects the privacy of all applicants and the confidentiality of personal information.

Job Segment: Program Manager, Developer, QA, Security, Management, Technology, Mining, Quality
Management and Executive