IT Security Analyst

Job Description:

Position summary:

Responsible for performing security audits, risk assessments, and analysis. This also includes making recommendations for enhancing security for all IT systems, researching attempted breaches of IT security, rectifying security weakness and recommending improvements. This individual will also be required to formulate security policies and procedures. They will be responsible for ensuring the stability, integrity, and efficient operation of the organizations overall IT security. This individual will also play a role in planning, designing, and implementing new IT security related projects and initiatives as well as take a security advisory role in other IT projects when assisting Infrastructure team.

Essential functions:

Vulnerability Management

Works with various technical leads and system/network administrators to better understand and mitigate risks in their environments.

Identifies areas of risk in our and third-party systems that may lead to the possibility of being attacked or harmed and classifies these risks based on a wide variety of criteria such as risk ratings, criticality, availability of exploit code, ease of exploitation, results of a successful exploitation, required expertise etc.

Remediates vulnerabilities by working with appropriate system and service owners to ensure they have a complete picture of where their risk exists and a reasonable plan to address these risks.

Vulnerability Management

Works with various technical leads and system/network administrators to better understand and mitigate risks in their environments.

Identifies areas of risk in our and third-party systems that may lead to the possibility of being attacked or harmed and classifies these risks based on a wide variety of criteria such as risk ratings, criticality, availability of exploit code, ease of exploitation, results of a successful exploitation, required expertise etc.

Remediates vulnerabilities by working with appropriate system and service owners to ensure they have a complete picture of where their risk exists and a reasonable plan to address these risks.

Security Incident Response

Acts as a first responder for detected system breaches and account compromises by assessing the situation and determining the appropriate points of follow-up or escalation

Ensures forensic integrity and chain-of-custody is maintained for all analyzed media, devices and resources involved in a potential breach or compromise

Provides technical security subject matter expertise to third party law enforcement agencies

Act as the internal subject matter expert, working with both the business, and any third party security response companies as required.

Security Infrastructure Management (Firewalls/VPN/IPS)

Upgrades firewall and VPN operating systems and associated software to ensure current code releases and bug fixes are implemented

Maintains the base configuration image and documentation for firewall and VPN deployments.

Builds and develops custom threat signatures to keep pace with emerging threats as required

Development and implementation of an Intrusion Prevention and Detection deployment, as well as third-party intelligence gathering technologies

Education and Awareness

Present on various security topics to a wide range of organizational audiences as required

Liaison with other units, roles, and individuals throughout organization to develop effective security related training

Other

Participate in after-hours and weekend requests for assistance with security related duties

Troubleshoots unexpected or unplanned outages and works with other members of IT to see the incident through to completion

Other duties are assigned.

Education/Skills:

University degree in a related field or 2-year information technology diploma or 10 years related experience in Infrastructure

Any combination of one or more of the following professional designations is preferred: CEH, GSEC, OSCP, CCNP Security, Security+, CISSP

Knowledge of TCP/IP, encryption fundamentals, firewall/VPN/IPS systems, vulnerability management, mobile device management, etc.

Deep understanding of the Microsoft Cybersecurity Reference Architecture

Demonstrated experience implementing and operationalizing Microsoft security services and technologies.

Demonstrable experience implementing zero-trust controls and principles, including conditional access and related policies.

Knowledge of Window/Mac/Linux operating systems

Knowledge of current and emerging threats

Knowledge of ITSM & certification inI TIL v3is desirable

Knowledge of Forit net and Meraki equipment

Knowledge of Azure and AWS cloud services

Knowledge of information security standards such as NIST, ISO 27001, and CIS

Excellent written and oral communication skills

Excellent ability to communicate complex topics and ideas to a wide variety of audiences

Ability to work independently and within a team environment

Job Ident #: 1147

Company Details

De Havilland Canada

123 Garratt Blvd
Toronto, Ontario M3K 1Y5 Canada
dehavilland.com

Throughout an impressive 75-year history of producing various models of aircraft in Canada and for the world, De Havilland has always proudly been known for its adaptability and dependability. Being responsible for creating some 3,500 aircraft—includ...

Supported Manufacturers:
De Havilland

Supported Models:
Dash 8-400

(Job and company information not to be copied, shared, scraped, or otherwise disseminated/distributed without explicit consent of JSfirm, LLC)

Job Info

Location

Calgary, Alberta, Canada

Type

Permanent

Company Details

De Havilland Canada

123 Garratt Blvd
Toronto, Ontario M3K 1Y5 Canada
dehavilland.com