Job Role: Security Engineer
Location: Toronto, Canada
Type: Full-time

Job Description:
- Conducts security risk assessments of applications with respect to design and implementation of system and application code.
- Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
- Assist in the development of threat modeling governance documentation.
- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
- Develops reports for management concerning residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure implementation of security controls as planned.
- Review issued security controls with application owners to ensure identified requirements are implemented.
- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
- Develop, maintain, update and enhance secure design patterns and secure coding standards.
- Develop, maintain, update and enhance threat libraries.
- Socialize secure design patterns and secure coding standards with engineering teams.
- Assist application teams with threat modeling consultancy questions.
- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
- Develop innovative attack techniques to foil protective design and in-place mitigations.
- Participate in the development of strategies for information security processes and programs.
- Support the investment decision process by developing business cases and cost-benefit analysis.
- Create reports and other materials to assist in prioritizing activities related to various threats to applications.
- Recommend resource types and skillsets required to resolve project and process issues.
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data.
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
- Develop and define IT and information security standardized metrics and criteria.
- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
- Facilitates Agile events that help the team deliver value incrementally and iteratively.
- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
- Supports the team in achieving the PI objectives.
- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.