Security Specialist SeniorCWM
Share
Job Location:
Monthly Salary:
Posted on:
2 hours ago
Vacancies:
1 Vacancy
Job Summary
Assignment: RQ00595 - Security Specialist - Senior
Requisition: RQ00595
Job Title: Security Specialist - Senior/CWM
Client: Ontario Health
Start Date:
End Date:
Department: Digital Excellence in Health
Office Location: 525 University Ave. Toronto
Business Days: 241.00
Location: Up to 5 days onsite (subject to HMs discretion)
Public Sector Experience: Must
Must Haves:
- 5 yearss experience and knowledge with Cloud computing concepts. Microsoft Azure and Amazon AWS PaaS knowledge and experience is highly preferred.
- 5 yearss experience and knowledge of application security architectures and the purpose of privacy and security controls (e.g. token based authentication and authorization such as OIDC SAML and OAUTH).
- 5 yearss experience building and automating security testing.
- 5 yearss experience and knowledge and understanding of networking network security and cryptographic algorithms.
- 5 yearss experience with Threat Modeling.
- Strong communication skills.
Description
Background Information:
- The purpose of this request is to acquire a Security Specialist - Senior professional. The Central Waitlist Management (FY26-27) initiative aims to digitally enable stakeholders at a provincial regional and hospital level. Applying a user first approach requirements will be developed throughout the duration of the initiative.
Desired Skills:
- Bachelors in computer science or equivalent work experience.
- 5 years in IT solutions security role.
- Security code review experience.
- Offensive security experience: red team penetration testing.
- Certified Azure Security Engineer is an asset.
- CCSP and CISSP Certifications are an asset.
CRITERIA DETAILS: 100 Points
- Minimum 5 years experience as an IT solutions security specialist in Canada preferably in Ontario - 20 points
- Knowledge and experience with cloud computing architecture and security - 20 points
- Knowledge and experience in threat modeling and vulnerability assessment for architectures and applications - 20 points
- Experience working in the health care industry specifically in health care IT - 20 points
- Knowledgeable of PHIPA and privacy legislation and how it applies to healthcare IT solutions. - 10 points
- Experience dealing in a complex multi private/public stakeholder environment - 10 points
Deliverables
- Include but are not limited to:
- Assist with designing product and service security controls.
- Collaborate with engineering teams to perform threat modeling for the proposed architecture.
- Research security vulnerabilities in current architecture and communicate mitigation strategies to impacted teams.
- Engage with engineering teams to perform security reviews of the architecture design and code throughout the SDLC process.
- Work with product architects to provide remediation and potential fixes for security issues found from pen tests static (SAST) and dynamic (DAST) analysis and provide fix recommendations ensure that findings are addressed.
- Perform ongoing security posture assessments using commercial or native tools to identify and track remediation of cyber risk in cloud environments.
- Contributing security-focused feedback to engineers during all phases of the development lifecycle.
- Report to management and key stakeholders on the product security status.
Additional Terms
- Term: The term of this Engagement Assignment is 241 Business Days. The Engagement Assignment may also be extended for unused Business Days at Agencys discretion.
- The resource will comply with Agency policies and procedures.
- Agency systems cannot be accessed from outside the province of Ontario and Agency assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from the Agency.
- Assignment Type: This position is currently listed as Hybrid. The resource under this request will be required to work onsite as per Hiring Manager sole discretion.
