Cyber Security Specialist

Toronto
Posted 6 days ago

We have an excellent 1-year contract opportunity for a Cyber Security Specialist in Toronto.
Work would be done remotely until the pandemic situation normalizes.

Must haves:
• Current/Valid Government Security Clearance is mandatory
• 8+ years of expert knowledge in Application Security
• 10+ years of Hands-On Experience conducting security risk assessment
• 5+ years of experience in conducting application vulnerability assessment/penetration test
• Current experience in Cloud Security and the evaluation/review/RFP of cloud-based services such as Amazon Web Services and Salesforce in a public sector environment
• 4+ years of experience working in the government/public sector
• 5+ years of current experience in external contract/vendor RFP (both Cloud and on Premise): security requirements, evaluation, due diligence and review.

If you are available, please send your resume to hiten.shah@2iresourcing.ca OR bakul.jain@2iresourcing.ca OR sujata.gaimar@2iresourcing.ca

Role: Cyber Security Specialist
Experience Level: Senior
Estimated Start Date: ASAP
Anticipated Duration: 1 year

1.0    Description of Assignment

The candidates will support the Client’s Cyber Security Program and other applicable assignments as directed by management.

This work assignment is scoped to address cyber security work associated with new capital projects, operational demands as well as other strategic security initiatives.

2.0    Skills and Certifications
It is very important that the Services be undertaken by a Senior Security Specialist who can demonstrate specific knowledge of, and experience in performing similar work for projects of comparable nature, size and scope as detailed below.

    • Extensive knowledge of enterprise architecture, architectural design and implementation methodologies including software, network and infrastructure.
    • Knowledge of application design, system design, network design, and information security methods, standards, architectures, policies and procedures.
    • Extensive knowledge of and experience in cloud security, and well versed in secure cloud migration / transformation methodologies
    • Expertise in performing threat modeling exercises and security control design analysis
    • Extensive experience crafting security requirements and controls for new and existing solutions
    • Proven understanding of the MITRE ATT&CK, NIST CSF, CSA CCM, PCI DSS, and CIS Critical Control frameworks
    • Perform architecture and design reviews, coordinating with various stakeholders to integrate secure by design principles
    • Engages with technology teams across the organization to build alignment on key projects and initiatives and develop strategy and cyber architecture execution roadmaps.
    • Proficient in building and maintaining documented target security architectures, roadmaps, blueprints, patterns, and standards
    • Strong working experience with the following security technologies: firewalls, Intrusion detection/prevention systems, endpoint security, vulnerability management, VPN, SASE, WAF, NAC, DLP, DDoS mitigation, SOAR, content filtering, cloud security gateways, secure proxies, crypto solutions, cloud protection etc.
    • Assist in setting the cyber strategy and architecture standards for new developments.
    • Evaluates projects, systems, applications, network and tools for compliance to cyber and architecture standards.
    • Create solutions that balance business requirements with information and cyber security requirements
    • Excellent understanding of System Development Life Cycle, DevOps, Agile, Network administration
    • Expert knowledge in Application Security (8+ years)
    • Hands-On Experience conducting security risk assessment (10+ years)
    • Experience conducting application vulnerability assessment/penetration test (5+ years)
    • Current experience in Cloud Security and the evaluation/review/RFP of cloud-based services such as Amazon Web Services and Salesforce in a public sector environment
    • Experience working in the government/public sector (4+ years)
    • Current experience in external contract/vendor RFP (both Cloud and on Premise): security requirements, evaluation, due diligence and review (5+ years)
    • Strong understanding of common vulnerability frameworks (CVSS, OWASP Top 10).
    • Professional designation in at least two of the following CISSP, CISA, CISM, CRISC and PMP
    • Current Government Security Clearance
    • Advanced knowledge of security standards such as ISO 27001/27002, NIST, ISO 27018, COBIT and Cloud security frameworks

3.0    Assignment Duties
        • Perform security review(s): Threat modeling exercise and security control design analysis, Threat Risk Assessments (TRA), vulnerability assessment, Cloud security assessment, technology review, application review, architecture review, project review, RFP evaluation
        • Ability to develop in-house security risk assessment tools, including good software programming ability in languages such as VBA, Python, Java, or C
        • Specify IT security products and processes.
        • Direct the review, development, testing and implementation of Cyber Security plans, products and controls.
        • Conduct research to aid in the security risk assessment of client operations, capital projects, and IT systems.
        • Regularly review the enterprise for weaknesses in IT controls and procedures, and recommend measures to eliminate or mitigate same.
        • Provide subject matter expert support/consultation to RFP design and evaluations, as directed.
        • Provide strategic guidance regarding the appropriate use of new technologies (SaaS, BYOD, Cloud), the threat landscape and areas of potential concern.
        • Maintain up-to-date, in-depth knowledge of cyber security and associated techniques and technologies, and disseminate this knowledge within the function and, where appropriate, within the wider IT team
        • Clearly translate cyber security and information security challenges into business language and produce detailed risk assessment reports.

4.0    Deliverables

  • All duties as outlined above in Section 3.0 Assignment Duties
  • Other deliverables as directed by management
