Cyber Vulnerability Analyst
Job Summary
We are looking for a Cyber Vulnerability Analyst who will safeguard our technology assets against internal and external security threats to the confidentiality integrity and availability of business information and systems by analyzing and identifying cybersecurity vulnerabilities and support their remediation across IT infrastructure applications and Operational Technology (OT) devices.
- Perform cybersecurity vulnerability scanning to discover and analyze vulnerabilities and characterize risk to networks operating systems applications databases and other Information Technology (IT) and Operational Technology (OT) system components
- Perform vulnerability end-to-end process and procedures including reporting of vulnerability escalation of critical vulnerabilities and tracking patching/remediation efforts
- Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings according to Metrolinx standards and policies for network devices operating systems IT and OT endpoints
- Maintain configuration control of Vulnerability Management (VM) hardware systems and application software; coordinate upgrades and other maintenance activities on VM tools.
- Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.
- Facilitate internal audits vulnerability testing and 3rd party pen testing activities.
- Work with the IT Security Operations and IT Operations teams in supporting Cybersecurity incident response activities and reporting
- Engage and collaborate with various teams across the organization along with third party vendors to update develop technical documentation and associated reports as required
- Monitor security alerts and participate in security incident management and response
- Participate in evaluating recommending implementing responding and troubleshooting security solutions
- Act as a subject matter expert in the support of internal client support development and validation teams. Leverage industry standard and recognized provincial security control frameworks to advance minimum privacy and security practices and specifications
- Participating in incident response and technical investigations as needed.
- Researching vulnerabilities/threats and writing technical and non-technical reports for management
- Collaborate with stakeholders to map out the inventory of devices used throughout Metrolinx to identify remediate and patch vulnerabilities or implement compensating controls.
- Proactively identify highlight and raise emergent and urgent critical vulnerabilities to Cyber Vulnerability Manager and appropriate IT and Cybersecurity teams to mitigate protect and prevent threats to Metrolinx systems and services.
Participates in the 24x7 Information Security Response team; participates in cross-functional team meetings to remediate identified security risks and close out pending action plans
- Completion of a degree in Computer Science Information Technology (IT) or a related discipline or a combination of education training and experience deemed equivalent
- Demonstrated years experience developing and implementing system security controls remediation of security issues and identifying and managing threats to the achievement of business objectives; project management experience; and broad-based experience in the CISSP security domains.
- Experience with IPS/IDS SIEMs and other security tools
- Experience performing security/vulnerability reviews
- Experience with cloud security
- Experience with Operational Technology considered an asset
- Certified Information Systems Security Professional (CISSP) CCSP (Certified Cloud Security Professional) Security Cisco Certified Network Associate (CCNA) GIAC or other similar credentials considered an asset
- Understanding of application systems database operating system and endpoint device (laptops desktops) hardening techniques and standards
- Operational experience with vulnerability management patch management and cybersecurity tools such as Qualys Tennable Rapid7
- Strong communication skills and the ability to understand and translate cyber security threats from a technical perspective to business-line understanding and execution; ability to communicate risks and propose counter measures to senior technology executives.
- Well-developed analytical qualitative and quantitative reasoning skills and demonstrated creative problem-solving abilities with complementary skills for log analytics and diagnosis skills utilizing regular expression and/or scripting.
- Strong research background utilizing an analytical approach
- Candidate must be able to react quickly decisively and deliberately in high stress situations
As a member of the 24x7 Information Security Response team position may be required to be available outside of regular office hours to address issues as they arise.
We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act and other applicable legislation so if you require accommodation during the hiring process please let our Recruitment team know by contacting us at: or email
Required Experience:
IC