Implement and administer IT security policies and procedures;
Ensure the integrity, confidentiality, and availability of critical data resources and automated system components;
Administer and configure the Enterprise Management suite of tools;
Manage IT vulnerability management services by analyzing, prioritizing, and conducting vulnerability assessments and penetration testing;
Provide regular and on-going security assessments of IT systems and networks, including the maintenance of its policies and procedures;
Develop and maintain Security Configuration Benchmarks (SCB) or Security Technical Implementation Guides (STIGs) used in applications, databases, systems, and networks;
Work with clients to ensure compliance with security policies and IT security hardening frameworks; and
Assist the Security Operations Center (SOC) to address detected security concerns and escalations.
Education
- Undergraduate degree and three (3) years of relevant experience
- Technologist diploma or Professional technologist equivalency designation and four (4) years of relevant experience
- Fields of study: Computer science, electrical, electronics, network security, telecommunications, or engineering
The educational program must be from an accredited learning institution recognized in Canada.
Note: Any higher level of education could be recognized as experience.
Experience
Candidates who do not fully possess the experience required may be considered for this position as an underfill.
- Experience in IT security including investigating security incidents and implementing associated corrective action
- A minimum of one (1) year of Vulnerability Management Services performing vulnerability assessments and/or penetration testing.
- Recent and significant experience in penetration testing using products such as, but not limited to, Kali/Backtrack, Metasploit, Nexpose, Nikto, SQLmap, and Veil-Framework, and the customization of their scripts, exploits, and payloads.
- Recent experience implementing and customizing technical security controls in recognized hardening frameworks such as, but not limited to CIS - Security Configuration Benchmarks and/or NIST - Security Technical Implementation Guides.
- Recent and significant experience in running Vulnerability Management assessments using various tools and following industry standard practices.
- Recent experience analyzing, designing, and/or implementing security controls in business applications and infrastructure systems in both Linux and Windows environments.
- Experience in network security skills such as packet, vulnerability and exploit analysis.
Recent experience is defined as experience acquired within the last four (4) years.
Significant experience is defined as the depth and breadth of experience that would normally be acquired by a person in a position where the performance of these duties constitutes his or her main functions over a period of two (2) years.
Assets:
- Information Security Certifications including:
- Offensive Security Certified Professional/ Certified Expert (OSCP/OSCE; OffSec)
- Global Information Assurance Certified Penetration Tester (GPEN; GIAC)
- Certified Penetration Testing Consultant/Engineer (CPTC/CPTE; EC-Council)
- Certified Penetration Tester/Certified Expert Penetration Tester (CPT/CEPT; IACRB)
Foundational understanding of:
- NIST 800-115
- ISECOM - Open Source Security Testing Methodology Manual
- Bypassing System ASLR & NX/DEP (such as Return Oriented Programming / Code Reuse)
- Heap Spraying (such as Management, Feng Shui & Heaplib) and Browser Use-After-Free Conditions
- EMET Protection (such as LoadLibrary, MemProt, Caller, SimExecFlow, StackPivot)
- Code Poly/Metamorphism, Caves, Splitting, Packing, Obfuscation and/or Encryption
- OWASP References and SQL Vulnerabilities
Experience with:
- Assembly Language (x86/64), C, Python, Ruby, and/or SQL Language(s)
- GCC & MinGW Compilers
- Virtualization Technologies
Competencies
- Behavioral Flexibility
- Initiative
- Problem Solving
- Analytical Skills
- Collaboration
Notes
- A written examination will be administered for the screening of candidates. The exam will be used to assess candidates’ technical skills as they relate to the position.
- For bilingual non-imperative positions, offers will be conditional upon meeting the linguistic requirements within two (2) years of appointment.
- This position is designated CS; therefore, the employee may be eligible for a terminable allowance of 7% of the annual salary (4% at the underfill level).
- Some relocation expenses may be reimbursed.
Security Requirements
You must be eligible for an Enhanced Top Secret security clearance. The process involves a security interview and a polygraph. There is also a background investigation that includes credit and financial checks. Using illegal drugs is a crime. Drug use is an important factor in your reliability and suitability assessment. This is part of the selection process. So do not use drugs starting from when you submit your application.
via developer jobs - Stack Overflow