Role: Information Security Engineer With CISSP
Location: Toronto, ON (5 days onsite)
MUST HAVE: CISSP certification and experience in security-focused DevOps engineering
Duties and Responsibilities
As a Staff Information Security Engineer at Client, you will be joining a diverse team of mixed-background technologists. Your mandate as Staff Information Security Engineer is to provide secure and stable platform solutions that empower our organization to create the highest quality services for our customers. On a day-to-day basis, you'll assist with triaging information security alerts, events, and investigations for potential security incidents by performing detailed analysis activities. You will take corrective actions if necessary and escalate as appropriate. Where necessary, you will provide technical insight into the development and support of all security operational processes, procedures, and tools used for ensuring the integrity of Client's security program. You will lead and participate in periodic access reviews, vulnerability assessments, Secure-SDLC, third-party engagements for security assessment, Security Steering Committee, PenTests, and routine external audit activities. You will be operating with a high level of autonomy, engaging with stakeholders, clients, and vendors at all levels across the organization and externally, contributing to the continuous improvement of Client's cyber security posture. As a result, you must be a self-starter and be able to manage the initiatives independently. Specifically, this role requires an advanced level of knowledge around secure cloud architecture, design, and compliance enforcement. You will be leading the security initiatives for all of Client's systems across all domains. This role also requires strong communication skills and a proactive mindset such that the needs of the organization as a whole are met. Occasionally there will be a need to provide security operations support outside business hours.
Qualifications
Bachelor's degree in computer science, systems analysis, or a related study, or equivalent experience.
CISSP (certified with Endorsement phase fully completed).
5 years of demonstrable experience spanning at least four different CISSP domains.
Experience working with compliance programs like PCI-DSS or SOC2.
Strong understanding of defense-in-depth strategies and implementation of technical controls across the entire organization with ability to assess gaps and risks around computing systems and operations.
Experience developing and adopting information security and governance standards, policies, and procedures.
Experience in conducting successful vulnerability assessments across various infrastructure tiers, including penetration testing, scanning, and remediation activities.
Experience in cloud native technologies, especially around Kubernetes and cloud environments, is a must. Strong understanding of networking concepts, protocols, and architectures.
Strong understanding of security concepts around PKI, TLS, and encryption.
Experience using network and security assessment tools both at host and at network tier.
Experience with IAM, SSO, RBAC, and other AuthN/AuthZ management technologies.
Familiarity with CVE databases, vulnerability scoring systems (e.g. CVSS), and security industry standards such as ISO 27001 and NIST.
Strong proficiency in Linux/Unix-based operating systems, the Python programming language, and shell scripting.
Other industry standard certifications like CISA, CISM, CGRC, and CRISC are a plus.
Experience as a team lead is a plus.
Full-time