Our federal client is seeking a Senior Security Design Specialist, on an "as and when required basis" for the services provided by IT professionals in the IT Security domain, most specifically in the area of IT Security Assessment of Cloud IT Infrastructure & Services.
The client requires experienced, dynamic IT security professional services with a secret clearance and expertise in various IM/IT Technologies.
The work performed under this contract involves working in partnership with all stakeholders to ensure security is implemented early in the design; to identify technical architecture, challenges and risks; and to provide recommendations and security assessment services for various infrastructure projects. This includes, but is not limited to, deliverables such as tailoring of security controls for various data centre and cloud infrastructure services, assessment/validation of the implementation of the security controls into the architecture design documentation, assessment/validation of security mitigation effectiveness, assessment/validation of the effectiveness of security controls in development, preproduction & production environments, and preparing security assessment plans, risk registers, weekly assessment reports, Security Requirements Traceability Matrices (SRTMs), Security Control Traceability Matrices (SCTMs) and security assessment reports.
A minimum of a three-year college diploma (computer science or other IT related field); OR
A university degree at the Bachelor level in Information Technology (computer science or engineering) or other IT related field; OR
A minimum of LEVEL years (in the last 15 years) work experience in the IT field.
Must have 10 years’ experience performing tasks similar to those of a Security Design Specialist Level 3.
Must clearly demonstrate recent (within the last 5 years) direct experience, with a minimum of 4 consecutive months of experience per project over the last 4 years, in the assessment or writing of formal Security Assessment (ITSG-33 based) and Authorization reports. To meet this rated requirement, the demonstrated experience must include acquired experience focused on IT Security service delivery that needs to meet Communications Security Establishment Canada directives and guideline publications.
Must clearly demonstrate that the proposed resource has recent (within the last 5 years) project experience of a minimum of 6 months with direct working knowledge of the GC standards, policies and guidelines.
Recent (within last 5 years) direct experience developing the following documents:
· Security Control Profile;
· Design Specifications;
· Statement of Sensitivity;
· Asset Categorization;
· Threat modeling;
· Statement of Acceptable Risk;
· IT Test Cases;
Validation of the following:
· Assessment of GC Cloud Guardrails;
· Assessment of security in High Level Design and Detail Design documentation;
· Assessment of security threats;
· Assessment of mitigation strategies;
· Assessment of residual risk;
· Assessment of Integration Security Testing;
Must clearly demonstrate that the proposed resource has at least two (2) years within the last five (5) years working as a Security Assessment Analyst with experience developing and updating security assessments for IT Systems* other than in-house developed software solutions.
Must clearly demonstrate the proposed resource has experience within the past five years, in the following areas:
· Cloud Security;
· Cloud automation/orchestration;
· Data Centre Infrastructure;
· Wired Network Security;
· Application Security;
· Network Infrastructure;
· Wireless Security;
· Networking Protocols (e.g. Internet Protocol Suite, TLS, SSL, etc.);
· Intrusion detection systems and firewalls;
· Approved GoC Cryptographic Algorithms; and
· Network Security Zones.
Must clearly demonstrate the proposed resource has experience performing the following IT Security tasks:
· Analysis of IT Security tools and techniques;
· Analysis of security data and provision of advisories and reports;
· Preparation of technical documentation such as reports, requirement analysis, options analysis, technical security architecture documents, risk modeling and security requirements traceability matrix;
· Reviewing and incorporating recommendations (into deliverables) from threat and risk assessment of IT systems;
· Security architecture design and engineering support.
- Must hold a Secret Clearance