Cyber Security Engineer
Job Summary
This posting is to fill a current vacancy.
The Role:
Key Responsibilities-
Cyber Security Operations & Incident Response
- Working with the Cyber Security operations team, develop processes and implement technology to monitor, investigate, analyze and respond to security alerts, events and incidents using modern detection and response technologies.
- Provide expertise and support cyber security incident response activities, including threat analysis, containment, eradication, recovery and post-incident review.
- Lead investigations of cyber security incidents that require deep expertise, involving both external threats and internal users, including employees, contractors and privileged accounts.
- Work with cyber security partners to conduct proactive threat hunting and analysis of suspicious activity to identify advanced or persistent threats.
- Escalate and communicate security risks, incidents and investigative findings to the appropriate Manager and/or stakeholders with clear technical and risk-based context.
- Participate in on-call and after-hours response activities as required to address time-critical security incidents.
Cyber Security Investigations & Confidential Advisory Functions
- Act as a trusted technical advisor to management during employee-related cyber incidents and, as the Lead, conduct cyber security investigations involving internal employees, including potential insider threats, policy violations, misuse of PHO systems or inappropriate access to sensitive information.
- Produce confidential investigative reports, technical assessments and expert findings for use by Human Resources, Legal Services and executive leadership in disciplinary, corrective or labour-relations processes.
- Handle highly sensitive employee-specific and labour-relations-related information in a strictly confidential capacity, exercising professional discretion, judgment and independence.
- Independently determine investigative scope, methods and response actions for complex, sensitive or high-risk cyber security incidents.
- Collect, preserve, analyze and document digital and forensic evidence, including logs, access records, system activity and security telemetry, in accordance with evidentiary, legal and chain-of-custody requirements.
Security Engineering & Tooling
- Lead the design, implementation, configuration, operation and optimization of security controls across enterprise environments, including:
  - Endpoint, network and cloud detection and response (EDR/XDR/NDR).
  - Security Information and Event Management (SIEM) and automation/orchestration (SOAR).
  - Vulnerability management and continuous vulnerability assessment.
  - Email security and anti-phishing platforms.
  - Network, firewall, container and application security controls.
- Implement and maintain security controls in cloud environments (e.g. Azure, AWS, GCP), ensuring secure configurations and monitoring.
- Support the secure deployment and operation of SaaS platforms (including M365) by integrating and validating security features and controls.
- Implement security automation, scripting and process improvements to enhance detection, response and operational efficiency.
Risk Architecture & Secure Design
- Translate business and operational requirements into technical security requirements and solutions.
- Analyze solution architectures, system designs and technology changes to identify security risks, threats and vulnerabilities.
- Recommend technical security controls and design improvements to reduce risk and improve resilience.
- Support security testing, assessments and remediation activities, e.g. red/purple team pen-tests and vulnerability assessments.
Vulnerability & Threat Management
- Perform vulnerability scanning, assessment, prioritization and remediation tracking across infrastructure, applications and cloud services.
- Apply threat intelligence, attacker techniques and security frameworks to improve preventive and detective controls.
- Continuously evaluate emerging threats, vulnerabilities and attack trends to proactively strengthen security controls.
Policies, Standards & Documentation
- Develop, maintain and enhance security procedures, standards, technical documentation and operational runbooks.
- Contribute to the implementation and alignment of security frameworks, standards and best practices.
- Support audits, compliance activities and security reviews by providing technical evidence and expertise.
Collaboration & Advisory Support
- Work closely with PHO's IT, cloud, application, privacy, legal and business teams to embed security into day-to-day operations and projects.
- Collaborate with external partners, vendors and sector peers on cyber security matters and shared threat intelligence.
- Act as a trusted technical advisor on cyber security technologies, risks and best practices.
Knowledge and Skills-
- Strong understanding of cyber security frameworks and standards (e.g. NIST, CIS, ISO 27001).
- Strong knowledge of attack techniques and defensive methodologies (e.g. MITRE ATT&CK, Cyber Kill Chain).
- Advanced hands-on experience with security technologies, including SIEM, SOAR, EDR/XDR, firewalls, email security, cloud security tooling and vulnerability management platforms.
- Experience working with MDR platforms such as Arctic Wolf or Microsoft Defender Experts is preferred.
- Strong understanding of security architecture, network communications, operating systems and cloud infrastructure.
- Ability to collect, analyze and interpret security telemetry, logs and threat intelligence.
- Strong analytical and problem-solving skills, with the ability to operate effectively during high-pressure security incidents.
- Detail-oriented, highly organized and capable of managing multiple concurrent priorities.
- Strong written and verbal communication skills, with the ability to explain technical security concepts to non-technical audiences.
- Ability to work independently as well as collaboratively within cross-functional teams.
- Continuous learner with a strong interest in emerging technologies, threats and security practices.
Education and Experience-
- Degree or diploma in Information Security, Computer Science, Information Systems, Engineering or a related field, or equivalent practical experience.
- Cybersecurity certifications with a focus on Microsoft Azure and Microsoft 365 security are preferred.
- Minimum 10 years' experience in progressive technology roles.
- Minimum 5 years' experience in roles with Cyber Security and Information Security job responsibilities (e.g. architecture, incident response, vulnerability management, etc.).
- Minimum of 5 years of cloud infrastructure experience, preferably Azure and/or AWS.
- Significant experience in enterprise IT environments, including systems, networks and cloud platforms.
- Demonstrated hands-on experience across multiple cyber security domains, such as incident response, security operations, cloud security and vulnerability management.
- Experience in regulated environments (e.g. healthcare, public sector, government) is an asset.
Attributes and Competencies-
- Works within the broad objectives of PHO and applicable government policies, standards and rules.
- Assesses and advises leadership on how best to manage cyber risk across programs against the established risk system/model, business or programs.
- Advises on the best course of action during cyber incidents. Must be able to provide sound judgement under significant stressors.
- Acts as a thought leader for cyber security across the organization to drive sound, innovative and compliant approaches to Cyber and Information Security.
- Promotes and leads the operational implementation of cyber security strategies, directions and practices.
- Monitors and ensures alignment of security practices, controls, patterns and solutions across all domains to mitigate identified risks and gaps.
- Identifies issues and recommends options for risk management at appropriate levels within PHO and with external partners.
Please note: applications will be received no later than 11:59pm on the date preceding the closing date as indicated on the Job Requisition.
Note: Internal candidates will be considered first.
While we thank all applicants for their interest, only those selected to move forward in the recruitment process will be contacted. Any information obtained during the course of recruitment will be used for employment recruitment purposes only and not for any other purpose.
PHO is committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Any candidate who requires a job posting in an alternative format may email a request to Once an applicant has been selected for an interview, they can inform PHO about any accommodations they may require at any stage of the interview process.
Required Experience:
IC