Security Specialist

We are looking for a Security Specialist ! Reach out if you are interested and feel free to refer friends/colleagues!

Type of Employment: Contract
Title: Security Specialist
Term: 6-month
Location: Toronto – The position will be remote until office reopens at full capacity
Job ID number: C1072

Brief description of duties:

The Client requires the services of a security expert to assist in day-to-day security operations activities, implement security enhancements and improvements in Client’s cloud environment and application development/management practices, provide consulting expertise to the projects, and provide guidance, instruction, training, and knowledge transfer to team members.

MUST haves:

Services:

The contractor will provide the following services:

• Configure, update, implement, monitor, assess, and respond to alerts, recommendations, and findings reported by AWS detective controls such as AWS GuardDuty, Security Hub, Trusted Advisor, IAM Access Analyzer, CloudWatch Anomaly Detection, etc.
• Establish organizational security and compliance guardrails within the cloud environment using services such as AWS Config, Service Control Policies, Tag Policies, Permission Boundaries, AWS Firewall Manager, etc.
• Engage in root-cause analysis using tools such as Amazon Detective, AWS CloudTrail, CloudWatch Logs Insights, and VPC Flow Logs
• Assist in operations automation for security-related tasks such as patch management, building EC2 images, and container image scanning.
• Manage and improve network access control in AWS using a third-party firewall
• Integrate and collect AWS logs and events into Splunk using AWS CloudTrail, SQS, SNS, and the Splunk App for AWS.
• Acquire visibility and insight of the cloud environment and services through the use and configuration of Splunk.
• Ensure that all cloud solutions adhere to enterprise cloud security and compliance controls using frameworks such as the AWS Well-Architected Security Pillar
• Develop processes, in the form of playbooks and runbooks, for incident response affecting the cloud environment as per client’s security incident protocols.
• Identify gaps and assist in improving AD/Azure AD, M365, MS Defender, ZScalar security posture.
• Lead application security improvement initiatives including but not limited to SAST, DAST and other security best practices.
• Consult on and provide requirements for critical projects and initiatives.
• Raise the awareness level of cloud security within the organization.
• Take initiatives and play an active role in continuously improving and advancing client’s cloud environment by assessing overall risk and mitigation effectiveness in face of evolving network attacks and threat vectors.
• Document the operational aspects of security in the cloud with Standard Operating Procedures
• Assist with the development, implementation and maintenance of client’s ISMS policies and procedures.
• Collaborate and must provide guidance, instruction, training, and knowledge transfer to team members.