IT Security Specialist

IT Security Specialist

Do you thrive in a fast-paced, dynamic environment? Are you a team member who has experience with providing technical support and analysis of the IT Security Environment? Challenge!

Our client located in London; Ontario is looking to hire an IT Security Specialist. This person will own the security portion of the Company and all of its products and services. Reporting to the Director of Technical Operations, you will support the development, implementation, monitoring, and maintenance of security controls, processes, procedures, and systems. This role provides guidance and management for information security projects and technical requirements.

Responsibilities:

  • Supports security technology to ensure proper operation, including upgrades and installations
  • Aids in facilitating security training and awareness delivery
  • Reports, records and works with departments to resolve security related issues and incidents
  • Owns the security position of the Company and all its products and services, including PCI compliance, security monitoring, audits, and overall compliance tasks related to security
  • Responsible for analyzing, developing, implementing and enforcement of security, privacy and data protection requirements, policies and corporate technical guidelines
  • Identify risks to the business by elevating business objectives, system requirements, designs and integration points
  • Monitor and continually improve overall cybersecurity, including application security, designs and integration points
  • Monitor and continually improve overall cybersecurity, including application security, network security, data security and mobile security
  • Establish actionable security levels to address risk, define mitigation strategies, metrics, reporting and program services
  • Create maturity models and roadmaps that ensure continual program improvements
  • Research information security standards
  • Conduct system security and vulnerability testing as well as assist responsible parties in understanding and addressing vulnerabilities
  • Coordinate and track third-party penetration testing including scope, timelines and outcomes
  • Provide guidance, evaluation and advocacy on testing responses
  • Evaluate, source, implement, and support managed security services and consultants
  • Create cybersecurity awareness content and educate personnel on security threats and best practices
  • Perform product evaluations, recommend and / or implement products and services for the security stack
  • Act as the primary technical lead for information security incidents and performs forensic investigations of intrusions and other cyber security events to determine root cause
  • Provide recommendations for appropriate adaptation of the security environment to meet new demands

Requirements:

  • Bachelor’s degree in Computer Science / or related Technical Field or equivalent experience
  • Knowledge of how to properly secure and audit Unix/Linux and Windows servers and desktop systems
  • 10+ years’ experience in the IT industry
  • 7+ years’ experience in security/cyber security
  • Experience working in Microsoft Azure
  • Knowledge of common application vulnerabilities, current threat vectors, and mitigations
  • Experience working with teams using Agile, XP, Lean development practices
  • Hands on experience with web application and secure code testing tools and services
  • Knowledge of IP protocols, networks, security architectures and security threats in an IP network
  • Knowledge of incident handling and response, exploit analysis, tool deployment, network intelligence gathering, incident analysis, reverse engineering of attacker methods, digital forensics methods and procedures, eDiscovery, and demonstrated analytical analysis of information security and intrusion analysis
  • Hands-on experience using port and network scanners
  • Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail, AD/LDAP, NAC, SSL/TLS, AV, WAF, SIEM, DLP, IPS).
  • Experience with VMware and applying security to virtual platforms
  • Experience working with leading firewall, scanning, filtering and intrusion detection technologies/services
  • Experience working with logging and file integrity monitoring tools
  • Experience with ITSEC standards and best practice frameworks. (ISO 27001/27002, NIST, Cobit, ITIL, PCI)
  • Preferred security certifications (CISSP, CEH, GIAC Security Essentials, CompTIA Security+)
  • Familiarity with IT security standards, compliance regulations and best practice frameworks (ISO 27001, ISO 27002, NSIT, OWASP, SANS, SOX, ITIL, PCI DSS)

Please send your resume and cover letter to Maureen@2a3group.ca or call 519-858-8880.