Cyber Security Specialist
Requisition ID: 190822
Career Group: Corporate Office Careers
Job Category: IT Cyber Security Operations
Travel Requirements: 0 - 10%
Job Type: Full-Time
Province: Ontario; Alberta
City: Mississauga
Location: Tahoe Office, Calgary Office
Embark on a rewarding career with Sobeys Inc., celebrated among Canada’s Top 100 employers, where your talents contribute to our commitment to excellence and community impact.
Our family of 128,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.
A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1,600 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family.
Ready to make an impact?
We are seeking a proactive and analytical Cybersecurity Specialist to join our Offensive Security Team. This role is ideal for candidates with solid experience in application security, vulnerability assessments, and managing the attack surface. You will play a key role in supporting offensive security activities, collaborating on penetration testing efforts, and enhancing secure development practices using SAST/DAST/SCA tools. A strong understanding of risk analysis, purple teaming, and a solution-oriented mindset are essential.
Sobeys is full of exciting opportunities, and we are always looking for bright new talent to join our team! We currently have a full-time opportunity for a Cyber Security Specialist. This role can be based out of one of our main offices, including Mississauga, ON and Calgary, AB.
Here’s where you’ll be focusing:
Key Responsibilities:
1. Secure Application Security Practices
- Operate and maintain SAST, DAST, and SCA tools to identify vulnerabilities in code and third-party components.
- Review findings, classify risk levels, and collaborate with development teams for remediation.
- Support secure design reviews and code analysis for new and existing applications.
2. Penetration Testing & Vulnerability Assessment
- Assist in web application and infrastructure penetration tests.
- Collaborate in planning, scoping, and executing penetration tests (internal, external and web).
- Analyze and interpret vulnerabilities, providing clear and prioritized risk-based recommendations.
- Validate remediation steps and support retesting as necessary.
3. Attack Surface Management
- Continuously monitor and analyze the organization's external and internal attack surfaces.
- Use ASM tools and manual techniques to detect new exposures, shadow IT, and rogue services.
- Help enforce secure configurations and alert teams to high-risk assets.
4. Purple Team Collaboration
- Work closely with blue teams to test and improve detection, alerting, and response capabilities.
- Assist in threat simulation exercises, providing insights from offensive and defensive perspectives.
- Participate in purple team drills to validate and enhance security posture.
What you have to offer:
Required Skills and Qualifications:
- 1-3 years of experience in application security, offensive security, or penetration testing roles.
- Strong understanding of OWASP Top 10, MITRE ATT&CK framework, and secure SDLC.
- Experience in offensive tools and frameworks.
- Strong collaboration and communication skills to engage with cross-functional teams.
- Good analytical abilities for risk classification and contextual decision-making.
- Critical thinker with a proactive, problem-solving mindset.
- Positive attitude, eager to learn and adapt to a dynamic security landscape.
Preferred Certifications (Nice to Have):
- CEH, GWAPT, or similar certifications in offensive security.
- CSSLP, eWPT, or other application security-focused credentials.
At Sobeys we require our teammates to have the ability to adhere to a hybrid work model that requires your presence at one of our office locations at least three days per week. This requirement is integral to our commitment to team collaboration and the overall success of our office culture.
We offer a comprehensive Total Rewards package, which varies by role and is designed to help our teammates live better – physically, financially and emotionally.
Some websites share our job opportunities and may provide salary estimates without our knowledge. These estimates are based on similar jobs and postings for general comparison, but these numbers are not provided by our organization nor monitored for accuracy.
We will consider factors such as your working location, work experience and skills as well as internal equity, and market conditions to ensure the selected candidate is paid fairly and competitively. We look forward to discussing the specific compensation details relevant to this role with candidates who are selected to move forward in the recruitment process.
Our Total Rewards programs for full-time teammates go well beyond your paycheque:
- Competitive Benefits Package, tailored to meet your needs, including health and dental coverage, life, short- and long-term disability insurance.
- Access to Virtual Health Care Platform and Employee and Family Assistance Program.
- A Retirement and Savings Plan that provides you with the opportunity to build and add value to your savings.
- A 10% in-store discount at our participating banners and access to a wide range of other discount programs, making your purchases more affordable.
- Learning and Development Resources to fuel your professional growth.
- Parental leave top-up
- Paid Vacation and Days-off
We are committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.