Job Title: Sr. Cyber Security Engineer
Employment Status: Permanent Full Time
Location: Waterloo, Ontario
This position will be responsible for ensuring appropriate security controls are in place and operating effectively. They will recommend changes that will improve every aspect of security.
The Cyber Security Engineer will be a senior technical team member accountable for the day-to-day delivery of the organization’s information security operations.
The role will identify security issues and risks, develop mitigation plans, analyze and assess the security measures and determine effectiveness and where improvements are needed.
The role is responsible for participating in security compliance efforts, providing expert security guidance, and communicating and educating on proper security measures.
The role must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.
Maintain an information security framework and supporting processes to ensure the information security program is aligned with organizational goals and objectives.
Manage information risk to an acceptable level to meet the business and compliance requirements of the organization.
Facilitate and/or participate in the response to a security incident.
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.
Review and analyze security logs and reports from a variety of sources, including security tools, servers and network devices, and recommend and implement improvements for an improved security posture.
Continuous active monitoring of information security threats and industry developments. Recommend appropriate action and ensure necessary solutions are put in place.
Develop and deploy information security policies, standards and capability modelling.
Collaborate in the architecture, selection and design of security strategies to identify, protect, detect, respond to and recover from security threats.
As the subject matter expert, provide internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization, and promote the advantages of managing information security risks more efficiently and effectively.
Create, collaborate, promote and/or develop security awareness programs.
Actively assist with security requirements, capabilities and design processes associated with the implementation of new and changed business processes and information systems.
Contribute to information security issues related to audit responses and risk management activities.
Manage third party relationships relating to corporate security services as required (e.g. penetration testing, SOC).
Develop and maintain security risk metrics and identify issues that put the organization at risk.
Understand current regulatory environment and related implications to security management compliance.
Manage corporate security tools and appliances to ensure they are operating effectively.
Facilitate vulnerability assessments, security audits, and penetration tests and oversee resolution of any findings.
Promote and contribute to the development of security awareness.
Perform system access reviews and security administration activities.
What You Bring To The Team
5-7 years in information security
Bachelor’s degree in computer science, information systems, information management or equivalent work experience
Formal security accreditation
Hands-on experience in security incident, event management and forensics
Hands-on experience in developing, publishing and reviewing security policies, standards and procedures in a medium to large organization
Strong understanding of security-related technologies (e.g. perimeter firewalls, application firewalls, intrusion detection, security incident and event management, anti-virus, advanced threat protection)
Demonstrated knowledge of application, data, infrastructure, cloud and mobile security
Demonstrated experience with common information security frameworks and standards (e.g. COBIT, ITIL, ISO27001, SOC, CIS)
Experience with risk analysis, penetration testing and vulnerability testing
Familiar with data encryption techniques and best practices
Familiar with risk management and risk discipline methodologies
Demonstrated knowledge of security industry best practices and standards
Exposure or understanding of these technologies: Kubernetes, hybrid cloud, containers, Linux, service mesh
Demonstrates the ability to convey thoughts and express ideas effectively using speech in individual or group situations;
Attends to and fully comprehends what others are saying.
The ability to develop and maintain internal and external trusting, professional relationships.
It also includes using listening and understanding to build rapport.
Balances team and individual responsibilities;
Exhibits objectivity and openness to others’ views;
Gives and welcomes feedback;
Contributes to building a positive team spirit;
Puts success of team above own interests;
Able to build morale and group commitments to goals and objectives;
Supports everyone’s efforts to succeed.
Able to interpret information from multiple sources and draw logical conclusions;
Consults others based on analysis of data;
Able to think strategically and use data findings to consult others for improved business results.
The ability to assess the degree of risk in plans or actions and take appropriate action to mitigate them or make contingency plans to limit the magnitude of risk.
It includes having insight and appreciation of client/business needs, priorities, goals, and seeing that actions support the business goals.
Considers, prioritizes, and takes action on the needs of both internal and external customers.
If this sounds like you and you are looking to be a part of one of Canada’s largest independent mortgage finance companies, then we want to hear from you!