Vulnerability Management Analyst - Montréal (St-Laurent ), Canada - CAE

Description

Role and Responsibilities

Vulnerability Management Analyst

If you've taken a plane to any destination in the world, chances are, your pilot was trained by CAE. With its strong customer focus, the Digital Accelerator team is dedicated to elevating the training experience to make pilots the best they can be.

Here are few reasons why folks love working at CAE

• Meaningful work that drives professional development
• Ability to enter and grow within the technology industry
• Work in a collaborative environment
• Be part of a high-performance team

What we have to offer

• Benefits: fully flexible for you to choose what is important
• Retirement: Defined Benefits Retirement Plan & Group Registered Retirement Savings Plan (RRSP)
• Financial Perks: Employee Stock Purchase Plan & numerous corporate discounts
• Personal and Family Programs: Physical Wellness Plan & Supplementary Maternity Plan
• Work-Life Balance: Flex time & California Fridays all year
• Fun at work: social and community events all-year round

Your main role and responsibilities

• Individual contributor & a great team player
• Co-ordinate and manage timely remediation of security vulnerabilities across a variety of technologies
• Identify, resolve and document any false positive findings in vulnerability assessment results
• Collaborate with application teams and business unit owners to submit Risk letters in order to be compliant with organization's IT security and risk management framework
• Perform weekly/monthly and adhoc vulnerability assessments for servers, user systems, Network assets, public facing assets and databases using Rapid7 and Delve
• Managing Scan Configurations which includes Asset Grouping, Appropriate Authentication, Update Scan Templates, Update Scan Engine Pool and Scan & Report Scheduling.Manage and troubleshoot vulnerability management tools
• Monitor overall vulnerability scan status , engine health check , report generation and ensure successful scan completion with proper authentication
• Troubleshoot Scans for any missing assets and assets scanned with improper authentication or authentication failure. Open support case with Scanning tools vendor for appropriate support
• Track vulnerability remediation via the Ticketing system and perform validation by Adhoc Scans
• Proficiency in using vulnerability scanning tools (e.g., Tenable, Nessus, Qualys, Burpsuite, OpenVAS, etc.)
• Coordinate with the Core Network, endpoint teams and Server Teams to discuss patches that are not applied for a longer time , Target Patch Level, CVE's covered by corresponding patch
• Knowledge of the Common Vulnerability Scoring System (CVSS) vulnerability assessment method, operation concepts and corrective updates
• Hands on working knowledge of web application vulnerability assessment, DevSecOps integration, Golden pipeline, SCA, SAST, DAST, etc.
• Minimum 5 to 8 Years of experience in the information security domain
• CEH, OSCP, Security+, ITIL or other security certifications are required
• Job offer is based on the positive screening & interview along with the positive background & reference check

Join the driver of change at CAE: our next growth horizon will be reached above all through digital innovation for our customers' success.

( #LI-CL1 )

Position Type

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.

Equal Employment Opportunity

At CAE, everyone is welcome to contribute to our success. With no exception.

As captured in our overarching value "One CAE", we're proud to work as one passionate, boundaryless and inclusive team.

At CAE, all employees are welcome regardless of race, nationality, colour, religion, sex, gender identity or expression, sexual orientation, disability, neurodiversity or age.