IT Security Vulnerability Analyst - Ottawa, Canada - High Tech Genesis

Description

Location: Remote or on-site in Ottawa ON or Gatineau QC

Term: Contract

Secret Clearance is required.

High Tech Genesis is hiring an IT Security Vulnerability Analyst with 10+ years of experience and secret clearance. This position involves a comprehensive range of responsibilities focusing on assessing, analyzing, and addressing IT security threats and vulnerabilities. The ideal candidate should possess skills in assessing IT security configurations, identifying vulnerabilities, managing security tools, and interpreting security policies.

Roles and responsibilities:

1. Assess, analyze, and/or implement:

• Analysis tools utilized by threat agents, alongside various emerging technologies such as privacy enhancement, predictive analysis, VoIP, data visualization and fusion, wireless security devices, as well as PBX and telephony firewall solutions.
• War dialers, password crackers;
• Public Domain IT vulnerability advisory services;
• Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & Nmap;
• Networking Protocols (HTTP, FTP, Telnet);
• Internet security protocols such as SSL, S-HTTP, S-MIME, IPsec, SSH, TCP/IP, UDP,
• DNS, SMTP, SNMP;
• Wireless Security;
• Intrusion detection systems, firewalls and content checkers; and,
• Host and network intrusion detection and prevention systems - Anti-virus management;

2. Identify threats to, and technical vulnerabilities of, systems including web-facing applications;
3. Conduct on-site assessments and analysis of system security logs;
4. Collect, collate, analyze and disseminate public domain information related to network computer threats and vulnerabilities, security incidents and incident responses;
5. Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings;
6. Complete tasks directly supporting the departmental IT Security and Cyber Protection Program;
7. Develop and deliver training material relevant to the resource category;
8. Prepare plan and approach documents including rules of engagement documents;
9. Conduct assessments on departmental solutions and provide a risk and impact-based observations;
10. Review, analyze and report on existing or potential IT security threats or vulnerabilities using security analysis tools and other emerging technologies;
11. Develop test plans and customized testing methodologies based on Project Authority or their delegate's approved engagement plans;
12. Develop tailor-made scripts for system and database scans, analyze scan results to identify vulnerabilities, assess associated risks and impacts, propose solutions, and estimate the effort needed for remediation actions;
13. Conduct configuration review and analysis over departmental IT security solutions, checking settings and maintenance processes;
14. Test deployed IT security solutions for known security weaknesses using vulnerability testing techniques;
15. Consult, interview and follow-up with key stakeholders, as appropriate;
16. Collect and perform documentation review and analysis;
17. Assess the implementation and application of security policies and procedures;
18. Examine compliance monitoring and reporting and identify areas of non-compliance; and,
19. Recommend remediation options based on proven results.

• MUST possess a degree, diploma or certificate from a recognized university or college in a related information technology discipline;
• Assess IT security configuration using threat agents' analysis tools and technologies;
• Identify vulnerabilities in IT solutions' code and configuration settings;
• Configure and manage IT security tools;
• Identify the technical threats to, and vulnerabilities of, a broad range of IT security technologies of IT solutions including databases;
• Conduct reviews and analysis of IT security solutions and practices and provide risks and impact of deviations from good practices;
• Interpret IT security policies and standards to assess adherence within IT security operations and systems; and
• Craft personalized scripts for scanning systems and databases, then assess scan results to generate reports detailing weaknesses, along with their associated risks, impacts, recommended fixes, and the level of effort required for remediation actions.

The candidate MUST possess at least two (2) of the following certifications:

• Global Information Assurance Certification (GIAC)
• Security Essentials Certification (GSEC)
• GIAC Security Expert (GSE)
• GIAC Penetration Tester (GPEN)
• GIAC Certified Incident Handler (GCIH)
• EC-Council Certified Ethical Hacker (CEH)
• CompTIA PenTest+
• CompTIA Advanced Security Practitioner (CASP+)
• Offensive Security Certified professional (OSCP)
• Knowledge of SA&A is a must

High Tech Genesis Inc. is an Equal Opportunity Employer. Diversity and inclusion are at the core of our values.
Please be advised:
1.Applicants must have the legal right to work in Canada.
2.Kindly submit your resume in MS Word format upon application for this position.