We are

At Synechron, we believe in the power of digital to transform businesses for the better. Our global consulting firm combines creativity and innovative technology to deliver industry-leading digital solutions. Synechron's progressive technologies and optimization strategies span end-to-end Artificial Intelligence, Consulting, Digital, Cloud & DevOps, Data, and Software Engineering, servicing an array of noteworthy financial services and technology firms. Through research and development initiatives in our FinLabs we develop solutions for modernization, from Artificial Intelligence and Blockchain to Data Science models, Digital Underwriting, mobile-first applications and more. Over the last 20+ years, our company has been honored with multiple employer awards, recognizing our commitment to our talented teams. With top clients to boast about, Synechron has a global workforce of 14,500+, and has 58 offices in 21 countries within key global markets.

Our challenge

We are seeking a skilled IT Risk & Cybersecurity Analyst with a strong background in identifying and mitigating cybersecurity threats. The ideal candidate will possess expertise in risk assessment methodologies, vulnerability management, and incident response. A solid understanding of network security principles, data protection regulations, and security frameworks is essential.

Candidates should have experience with security tools and technologies, including firewalls, intrusion detection systems, and security information and event management (SIEM) solutions. Proficiency in analyzing security incidents, conducting audits, and developing risk management strategies is crucial. Additionally, knowledge of web application security, including common attack vectors and effective protective measures, is vital for safeguarding organizational assets and ensuring compliance with industry standards.

Additional Information

The base salary for this position will vary based on geography and other factors. In accordance with law, the base salary for this role if filled within Toronto, ON is CAD $90k - CAD $100k/year & benefits (see below).

The Role

Responsibilities:

• Build and lead a specialized security engineering team dedicated to direct vulnerability remediation primarily within application code, container environments (Docker, Kubernetes), cryptography, infrastructure-as-code (IaC), and system hardening.
• Implement and manage technical security solutions and automation focused on container security scanning results, software vulnerability remediation, and insider threat detection.
• Collaborate closely with development teams to directly address vulnerabilities identified by security testing tools (SAST, DAST, IAST, SCA).
• Design, implement, and manage an insider threat risk monitoring program, including user behavior analytics, anomalous activity detection, and continuous oversight of critical application logs to detect and investigate suspicious activities.
• Conduct hands-on remediation of application vulnerabilities aligned with OWASP Top 10, SANS 25, and enforce secure coding best practices.
• Drive integration of security remediation and insider threat detection capabilities into CI/CD pipelines, enhancing DevSecOps effectiveness.
• Communicate technical remediation progress, insider threat detection initiatives, issues, and achievements clearly to senior stakeholders and management.

Requirements:

• 10+ years of experience in software development and cybersecurity engineering roles, with significant hands-on expertise in application vulnerability remediation, container security, secure coding practices, and insider threat detection.
• Proficiency technical experience with scripting languages (e.g. Python, PowerShell, etc.) and familiarity with multiple programming languages (e.g. Java, C#, C++, SQL, etc.) for software development and vulnerability remediation.
• Extensive hands-on experience with application security testing tools (SAST, DAST, IAST, SCA) and direct remediation activities.
• Technical expertise with container security (Docker, Kubernetes), infrastructure-as-code (IaC) security (e.g. Terraform), vulnerability remediation, insider threat detection, and security automation tools.
• Strong architectural knowledge, comprehensive understanding of secure software development lifecycle (SSDLC) practices, and familiarity with OWASP Top 10, SANS 25, and threat modeling methodologies.
• Relevant security certifications (CSSLP, GWAPT, OSCP, CISSP, or equivalent).

We offer:

• A multinational organization with 58 offices in 21 countries and the possibility to work abroad
• 15 days (3 weeks) of paid annual leave plus an additional 10 days of personal leave (floating days and sick days)
• A comprehensive insurance plan including medical, dental, vision, life insurance, and long-term disability
• Flexible hybrid policy
• RRSP with employer's contribution up to 4%
• A higher education certification policy
• On-demand Udemy for Business for all Synechron employees with free access to more than 5000 curated courses
• Coaching opportunities with experienced colleagues from our Financial Innovation Labs (FinLabs) and Center of Excellences (CoE) groups
• Cutting edge projects at the world's leading tier-one banks, financial institutions and insurance firms
• A truly diverse, fun-loving and global work culture