Address
Form of work
Salary Date Posted: 12/08/2023
Req ID: 35297
Faculty/Division: Library
Department: Info. Technology Service
Campus: St. George (Downtown Toronto)
Position Number: #
Description:
About us:
The University of Toronto Libraries system is the largest academic library in Canada and is consistently ranked in the top ten among academic research libraries in North America. The system consists of 42 libraries located on three university campuses: St. George, Mississauga, and Scarborough. This array of college libraries, special collections, and specialized libraries and information centres supports the teaching and research requirements of over 300 graduate programs, more than 70 professional programs, and about 700 undergraduate degree programs. In addition to more than 15 million volumes in 341 languages, the library system currently provides access to millions of electronic resources in various forms and over 31,000 linear metres of archival material. More than 150,000 new print volumes are acquired each year. The Libraries' data centre houses more than 500 servers with a storage capacity of 1.5 petabytes.
Your opportunity:
Reporting to the Manager, Digital Library Applications, the Senior Application Security and QA Engineer will play a key role in shaping the Application Security culture at UTL ITS. The successful candidate will play a key role in establishing Application Security best practices throughout the software development lifecycle and mentoring the development team accordingly. They will establish automated software testing and QA workflows, coordinate with service owners and developers to create and execute end-to-end testing and security and take a proactive role in identifying and mitigating security concerns for digital library applications managed by the department. They will also establish and foster key strategic working relationships with the Enterprise Infrastructure (EI) team within the department as well as the Information Security and Enterprise Architecture (ISEA) team at Central IT to uphold and maintain strong Application Security.
Your responsibilities willinclude:
-Analyzing, recommending, and designing highly complex software architecture
-Writing complex technical code
-Evaluating programming code to ensure it has validity, compatibility, and that it meets appropriate standards
-Leading and planning IT projects
-Developing project schedules including milestones, critical path, timelines, deliverables and reporting
Essential Qualifications:
-Bachelor's Degree (Computer Science or related field) or acceptable combination of equivalent experience.
-Minimum five years.
-Demonstrated experience and knowledge in modern front-end and back-end web development languages & frameworks such as JavaScript (React/Next/Angular/Node), PHP (Laravel/Symphony), and Python
-Experience with various Application Security Testing methodologies (e.g. SAST/DAST/IAST) and assessment tools
-Experience with secure coding best practices, from sources such as OWASP and SEI
-Experience with modern testing methodologies, including functional testing (unit, integration, UAT), automated testing, and performance/load testing
-Experience with modern testing frameworks, (e.g. Selenium, Cypress, Playwright, Jest, Jasmine)
-Demonstrated experience with web accessibility (AODA, ARIA) auditing and compliance
-Proficient with the Git Version Control System
-Experience writing technical documentation and delivering presentations
-Experience in handling Incident response for web security related incidents in a calm and effective manner
-Ability to collaborate closely with various stakeholders (end users, product owners, systems administrators) to identify and incorporate security and testing considerations through the application development process
-Familiarity with common web application attack vectors and remediation techniques
-Knowledge of basic containerization (e.g. Docker)
-Familiarity with LinkedData concepts and associated technologies such as triple stores and graph databases
-Demonstrated commitment to the values of inclusivity, diversity and accessibility
Assets (Nonessential):
-Ability and desire to learn and adapt to the changing Application Security and testing landscape
-Experience in project management with demonstrated ability to self-prioritize in an environment with multiple projects and varying project timelines
-Experience in designing testing workflows using modern CI/CD principles
-Experience with Content Management Systems such as Drupal 10
-Experience with the Linux operating system and the command line
-Experience with DevOps concepts and infrastructure-as-code frameworks (e.g. Chef)
-Demonstrated proficiency in developing and maintaining data models in relational, non-relational and graph databases such as MySQL/MariaDB, Postgres, MongoDB, Redis
-Experience with cloud-hosted web services (e.g. AWS, Google Cloud, Azure)
To be successful in this role you will be:
-Accountable
-Approachable
-Communicator
-Organized
-Problem solver
-Responsible
-Team player
Closing Date: 01/12/2024, 11:59PM ET
Employee Group: USW
Appointment Type: Budget - Continuing
Schedule:
Pay Scale Group & Hiring Zone:
USW Pay Band 16 -- $99,548 with an annual step progression to a maximum of $127,305. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged , and their lived experience shall be taken into consideration as applicable to the posted position.
