Cyber Specialist – Senior

Contract
Toronto
Posted 1 month ago

We have an excellent 6-month contract opportunity for a Cyber Security Specialist in Toronto.
Work would be done remotely until the pandemic situation normalizes.

Must haves:
• Current/Valid Government Security Clearance is mandatory
• 8+ years of expert knowledge in Application Security
• 10+ years of Hands-On Experience conducting security risk assessment
• 5+ years of experience in conducting application vulnerability assessments/penetration tests
• Current experience in Cloud Security and the evaluation/review/RFP of cloud-based services such as Amazon Web Services and Salesforce in a public sector environment
• 4+ years of experience working in the government/public sector
• Professional designation in at least two of the following: CISSP, CISA, CISM, CRISC and PMP
• 5+ years of current experience in external contract/vendor RFP (both cloud and on-premises): security requirements, evaluation, due diligence and review.

If you are available, please send your resume to hiten.shah@2iresourcing.ca OR bakul.jain@2iresourcing.ca OR sujata.gaimar@2iresourcing.ca OR refer someone interested.

Role (Specialist Type)/ Service: Cyber Specialist
Experience Level: Senior
Estimated Start Date: ASAP
Anticipated Duration: 6 Months
Duration of Potential Extension: Yes

1.0 Skills and Certifications
It is very important that the Services be undertaken by a Senior Security Specialist who can demonstrate specific knowledge of, and experience in performing similar work for projects of comparable nature, size and scope as detailed below.

• Extensive knowledge of enterprise architecture, architectural design and implementation methodologies including software, network and infrastructure.
• Knowledge of application design, system design, network design, and information security methods, standards, architectures, policies and procedures.
• Extensive knowledge of and experience in cloud security, and well versed in secure cloud migration/transformation methodologies
• Expertise in performing threat modeling exercises and security control design analysis
• Extensive experience crafting security requirements and controls for new and existing solutions
• Proven understanding of the MITRE ATT&CK, NIST CSF, CSA CCM, PCI DSS, and CIS Critical Control frameworks
• Perform architecture and design reviews, coordinating with various stakeholders to integrate secure by design principles
• Engages with technology teams across the organization to build alignment on key projects and initiatives and develop strategy and cyber architecture execution roadmaps.
• Proficient in building and maintaining documented target security architectures, roadmaps, blueprints, patterns, and standards
• Strong working experience with the following security technologies: firewalls, Intrusion detection/prevention systems, endpoint security, vulnerability management, VPN, SASE, WAF, NAC, DLP, DDoS mitigation, SOAR, content filtering, cloud security gateways, secure proxies, crypto solutions, cloud protection etc.
• Assist in setting the cyber strategy and architecture standards for new developments within the City.
• Evaluates projects, systems, applications, network and tools for compliance to cyber and architecture standards.
• Create solutions that balance business requirements with information and cyber security requirements
• Excellent understanding of System Development Life Cycle, DevOps, Agile, Network administration
• Expert knowledge in Application Security (8+ years)
• Hands-On Experience conducting security risk assessment (10+ years)
• Experience conducting application vulnerability assessments/penetration tests (5+ years)
• Current experience in Cloud Security and the evaluation/review/RFP of cloud-based services such as Amazon Web Services and Salesforce in a public sector environment
• Experience working in the government/public sector (4+ years)
• Current experience in external contract/vendor RFP (both cloud and on-premises): security requirements, evaluation, due diligence and review (5+ years)
• Strong understanding of common vulnerability frameworks (CVSS, OWASP Top 10).
• Professional designation in at least two of the following: CISSP, CISA, CISM, CRISC and PMP
• Current Government Security Clearance
• Advanced knowledge of security standards such as ISO 27001/27002, NIST, ISO 27018, COBIT and Cloud security frameworks

2.0 Assignment Duties
• Perform security review(s): Threat modeling exercise and security control design analysis, Threat Risk Assessments (TRA), vulnerability assessment, Cloud security assessment, technology review, application review, architecture review, project review, RFP evaluation
• Ability to develop in-house security risk assessment tools, including good software programming ability in languages such as VBA, Python, Java, or C
• Specify IT security products and processes.
• Direct the review, development, testing and implementation of Cyber Security plans, products and controls.
• Conduct research to aid in the security risk assessment of City operations, capital projects, and IT systems.
• Regularly review the enterprise for weaknesses in IT controls and procedures, and recommend measures to eliminate or mitigate same.
• Provide subject matter expert support/consultation to RFP design and evaluations, as directed.
• Provide strategic guidance regarding the appropriate use of new technologies (SaaS, BYOD, Cloud), the threat landscape and areas of potential concern.
• Maintain up-to-date, in-depth knowledge of cyber security and associated techniques and technologies, and disseminate this knowledge within the function and, where appropriate, within the wider IT team
• Clearly translate cyber security and information security challenges into business language and produce detailed risk assessment reports.
