Share this Job
Requisition Number:  6883
Position Type:  Term
Position Length:  3 years (extension / permanent possible)
Location: 

Ottawa (Downtown), ON, CA

Remote Work:  Yes, within Canada
Closing Date:  Undetermined

Diversity and Inclusion
We strive to make our policies, programs and workplace more inclusive, respectful and barrier-free. We encourage applications from women, Indigenous peoples, veterans, persons with disabilities, members of visible minorities and persons of all races, ethnic origins, religions, abilities, sexual orientations, and gender identities and expressions.

We make career growth and professional development a priority. We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce.

Let our team know if you need accommodation or support during the recruitment process due to a disability or other reason. We can provide support in multiple ways, from using this site and submitting your application, right through to the interview process. If you are the successful candidate, you can also discuss accommodation needs when you receive your offer.

Contact accessiblecareers@bankofcanada.ca to discuss how.

Mobile Security Architect


Take a central role
The Bank of Canada has a vision to be “a leading central bank—dynamic, engaged and trusted—committed to a better Canada.” No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in a diverse and inclusive organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in an environment where we are reinventing central banking, renewing ways of doing business and reinforcing a culture of innovation.

 

Find out more about the next steps in our Recruitment process

 

The Project 
The Bank of Canada is embarking on a program of major social significance to design a contingent system for a central bank digital currency (CBDC), which can be thought of as a banknote, but in digital form. This project will require us to break new ground. It will take into consideration a wide variety of factors, including policy considerations, diverse partner needs, difficult technical challenges, and the development of a technical architecture.  
 

For further background information on the CBDC program, please refer to the Contingency Planning for a Central Bank Digital Currency background note, Money and Payments in the Digital Age speech by Deputy Governor Tim Lane and Staff Analytical Notes on Designing a CBDC for Universal AccessTechnology Approach for a CBDC, Privacy in CBDC technology and Security of a CBDC.
 
The Challenges 
CDBC is a new product category, requiring the design of a core digital currency product(s), in addition to services and supporting systems for which there are no existing examples. To meet the Bank’s policy goals, a Canadian CBDC will need to maintain certain cash-like properties in its function, including:

  • Security: CBDC must have the highest levels of security so Canadians can use it with confidence, as they do our banknotes. 
  • Privacy: While not aiming for cash-like anonymity, CBDC should be highly private yet meet the obligation to be compliant with anti-money laundering and other regulations.  
  • Resilience: CBDC should continue to work even during electrical power and network outages.  
  • Universal Access: Regardless of their circumstances, CBDC should be usable by all Canadians, even by those without a bank account or access to a cellular phone, in remote communities not well served by cellular networks, and/or those with sensory, motor and cognitive impairments.  

 
What you will do 
Working with the Assistant Director, CBDC Security, Privacy and Resilience in the FinTech Research team, you will use your expertise in mobile and browser security to guide a variety of mission critical efforts that support the design and security of a digital currency product and services to meet both the Bank of Canada’s policy goals and the needs of millions of users, merchants and other partners. 

 

Working with a hardworking and diverse team you will contribute to all phases of the design and development of a Canadian CBDC, including proofs-of-technologies and/or collaboration with external vendors to design customized, secure applications for iOS, Android and browser-based platforms.

 

As part of your main responsibilities you will:

  • Design the security architecture of CBDC applications and contribute to their overall design, including the critical examination and testing of vendor and designer solutions
  • Contribute to threat modeling, vulnerability analysis and penetration testing  
  • Contribute to the security architecture of point-of-sale terminals and infrastructure endpoints
  • Collaborate with vendors and partners on security assessments and audits
  • Identify gaps and investigate new technologies on mobile platforms as pertaining to CBDC
  • Ensure to be up to date on the latest vulnerability research and exploit mitigation techniques
  • Liaise closely with, and consider impacts on, other aspects of the system, outside the immediate area of responsibility, in formulating technical designs
  • Explain and rationalize design choices, especially when multiple options are available

 

What you will need to succeed 
We are looking for a talented applications developer or architect who has the following: 
Experience in or with:

  • conducting security analysis and implementing security at the application, OS and device level
  • mobile wallets design or development/deployment of secure mobile applications in the payment space
  • security frameworks in iOS and Android 

 

Knowledge of:

  • The tools for conducting mobile applications penetration testing
  • OWASP framework and experience with secure coding practices in a mobile application stack
  • Multi-factor authentication, including techniques (such as TFA, (T)OTP, OAuth) 

 

Familiarity with:

  • Secure element programming 
  • Credentials, certificates, and public key infrastructure

 

We are also looking for someone who demonstrates the ability to:

  • Analyze and adapt to evolving situations, define problems, synthesize research-based conclusions, and implement creative changes 
  • Make and explain complex trade-offs recommendations and communicate clearly and effectively with all levels of partners 

 

Nice-to-Have 

  • Exposure or involvement at the early stages of product development
  • Experience with payment technologies such as Apple Pay and Google Pay and digital payments platforms (ex. Square, Shopify) 
  • Familiarity with biometrics
  • Experience in ethical hacking and/or reverse-engineering 

 

Your education and experience 
This position requires a Bachelor`s degree in computer science, computer engineering, electrical engineering, or a related field, with 7-10 years of relevant work experience within IT, and a 3-5 years of recent experience in mobile applications design and development from a security focus. An equivalent combination of education and experience may be considered. 

 

What you need to know

  • Language requirement: English and French essential (bilingual) with a minimum starting level of functional (level 4) in second official language. Training may be provided to help reach the required level of fully functional (level 5) in second official language.
  • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Secret 
  • There will be no relocation assistance provided
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
  • In response to the COVID-19 pandemic and further to public health guidelines, preventative measures are being taken to ensure health and safety during the recruitment process. All interviews are conducted virtually.  
  • Remote Work: Candidates not within commuting distance will be eligible to remote work from their current location within Canada for the duration of this term.

 

 

Vaccination: In response to the COVID-19 pandemic that was declared by the World Health Organization, the mandates issued by the federal government, and the direction provided by public health authorities, the Bank of Canada requires all new employees to be fully vaccinated prior to their start date.  If you are the selected candidate, you will be asked to first attest your vaccination status at the reference stage and will then be required to submit proof of vaccination status or request accommodation for a legitimate medical, religious reason or other human rights-based grounds at the offer stage as part of the offer process.

 

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.

 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider

 

  • Salaries are based on qualifications and experience and typically range from $95,500 to $119,400 (job grade 18)
  • Depending on performance, you may be eligible for performance pay for successfully meeting (7 to 10% of your base salary) or for exceeding expectations (15% of your base salary). Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service #LI-POST