Cyber Security Specialist

We are looking for a Cyber Security Specialist! Reach out if you are interested and feel free to refer friends/colleagues!

Type of Employment: Contact
Title: Cyber Security Specialist
Term: 8-month – 37.5 hours/week
Location: Mississauga
Job ID number: C1117

Brief description of duties:

We are looking for a seasoned security champion to join the team that’s building client’s cloud-scale commercial end-to-end next generation computational science software system. This system will support the software development for the world leader in diagnostics across clinical chemistry, immuno-assays, PCR testing, genomic and oncology analysis as well as digital diagnostics. Delivering a secure set of software products is essential to protecting patients and their data.

Responsibilities

Working together with the product architects and the security architect the security champion will be responsible for supporting the projects with hands-on advice about implementation of security relevant features. You will get to know the products and ensure that they are considering security and data privacy aspects throughout the agile product life cycle. In addition, you will be automating the existing security tools to deliver a continuous monitoring of the development process and release. Furthermore you know how to secure the cloud environments where the applications will be deployed.

Must-have:

• Practical experience and understanding of agile software development methodologies in a corporation

SAFE

SCRUM

Product Increment

• Understanding of Infrastructure as a code (IaC) artifacts within DevSecOps lifecycle with emphasis on the following components:

CI/CD (GitHub, jenkins)

Cloud infrastructure (AWS)

Containers (docker) and Container orchestrators (Kubernetes)

Identity and Access Management

• Sold understanding of AWS Cloud components, mainly:

VPC

EC2

Security layer (IAM, IAM policies and permissions, Security groups)

S3

EKS, ECS

• Orientation in common software architecture and secure solution designs topics

Authentication

Authorization

Secure communication (encryption in transit)

Secure data storage (encryption at rest)

• Solid understanding of common security vulnerabilities (e.g. OWASP TOP 10) its impacts and corresponding security controls
• Hands-on experience with CI/CD pipelines to integrate with selected tools
• Understanding of Vulnerability management with practical experience in:

Vulnerability identification, understanding of vulnerability management tools reports (Tenable, Cloudguard, Mend, Snyk)

Supporting Impact and risk assessments

Guide with remediation support

• Practical experience with using monitoring tools (Splunk, ELK)

Usage of queries to search through and visualize security monitoring data

Support investigation by utilizing the monitoring and audit data

Nice to have:

• Software development experience – ideally Java based ecosystem
• Experience with compliance activities (corporate assessments, internal audit support, ISO/IEC 2700x standards)
• Experience with incident handling and/or incident investigation
• Ability to read and understand Java code
• Experience with threat modeling exercises
• Practical experience with a scripting language (Python / Bash / Groovy)
• Planned office work location