Security Specialist - Penetration Testing - Senior

Responsibilities:

• Conducts penetration tests web application vulnerability assessments code reviews and network vulnerability assessments of all environments or applications related to the OPS provincewide I&IT infrastructure and information resources.
  
• Defines evaluates and assesses security architecture requirements for systems environments and IT projects.
  
• Ensures the incorporation of IT security and contingency measures in the development of systems.
  
• Advises on the identification analysis and resolution of specific security factors risks vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
  
• Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management
  

General Skills

• Experience in vulnerability assessment/penetration testing of web applications by identifying analyzing and exploiting common vulnerabilities contained in web applications by using manual techniques and automated tools appropriate for enterprise use.
  
• Experience performing penetration tests and red team assessments.
  
• Experience with vulnerability assessment methodologies tools and techniques used to conduct network vulnerability assessments and penetration testing
  
• Knowledge of techniques to secure information assets and the planning design and implementation of security technologies.
  
• Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
  
• Strong understanding and expertise in security architecture.
  
• Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk.
  
• Solid knowledge of current security and contingency technology and techniques (e.g. digital signature encryption access controls firewalls authentication virus protection etc. ); and a proven working knowledge of security audit procedures and protocols.
  
• Experience in establishing secure environments at a network operating system or application level.
  
• Experience with implementing security on complex and distributed systems.
  
• Experience in writing reports to a large audience both at an executive/nontechnical management level and technical resources.
  
• Awareness of emerging IT trends and directions especially as related to security.
  
• Excellent analytical problemsolving and decisionmaking skills; written and verbal communication skills; interpersonal and negotiation skills.
  
• A team player with a track record for meeting deadlines managing competing priorities and client relationship management experience.
  
• Experience with multiple operating systems such as Windows and Linux multiple programming languages such as.NET and Java and common network services and protocols.