Senior Information Security Analyst - Toronto, Canada - Thentia

Description

About Thentia

Thentia is a fast-growing, venture capital-backed software as a service (SaaS) company that is emerging as a world leader in government technology with a platform that is transforming and modernizing how regulatory organizations are conducting business. As a company of builders, thinkers, and owners, Thentia gives employees the opportunity to create amazing solutions, showcase their talents, and benefit from our shared success as we scale up in the U.S., Canadian, and global markets. Our solutions directly impact public trust and regulatory integrity, helping regulators and agencies meet 21st century standards by leveraging predictive analytics, Big Data, AI, and other innovative capabilities.

About The Role

The Senior Information Security Analyst (Cloud Specialist) encompasses a multifaceted expertise in Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), alongside a keen focus on Infrastructure security. Building crucial relationships both within and outside the organization is paramount, facilitating strategic insights. Collaboration is central to the role, working with various stakeholders to define and implement practical security standards across all stages of the Solution Deployment Lifecycle. Demonstrating poise and professionalism, especially in challenging situations, is key. Additionally, ensuring effective communication of security knowledge gained through assessments involves close collaboration with multiple stakeholders, emphasizing timely dissemination for comprehensive understanding and action.

Responsibilities

• Regularly engage, along with the VP, Information Security, with all departments to facilitate discussions about risk and remediation of known issues
• Support business units who are launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage through requirements contribution, design reviews, automated testing report reviews, manual configuration reviews, and penetration testing coordination
• Understand breach and attack simulation (BAS) solutions and Threat Modeling and work with the team to validate controls effectiveness.
• Work with teammates to consistently learn and share advanced skills and foster team excellence
• Document and formally report risk assessment results, along with remediation recommendations and validation
• Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them
• Review and approve change tickets and occasionally attend and participate in change management policy discussions and meetings
• When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention)
• Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities
• Provide Subject Matter Expertise and maintain Information Security hardening standards and best practices
• Perform other duties as assigned to support InfoSec team's mission (e.g. SOC pager duty, vacation coverage and special projects)

Qualifications

• Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent
• At least 10-15 years' experience performing internal Information Security and IT deployment risk assessments
• At least 5-7 years' experience assessing IaaS security risks for at least one of the 3 major IaaS (Azure, GCP, AWS)
• At least 5-7 years' experience in information security administration, offensive tactics, monitoring and IR
• Must be CISSP certified
• AWS, Azure or GCP Architect or Security certifications are highly preferred
• Proficient in scripting languages such as Python, PowerShell, Bash or Ruby
• Strong operating system knowledge across *nix, Windows and Mac; proficient with networking protocols
• Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA)
• Understanding of OWASP, the MITRE ATT&CK framework and strategies for embedding Security in software development lifecycle (SDLC) utilizing DevOps technologies
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well
• Self-starter requiring minimal supervision

We're proud to be 'Great Place to Work' certified in the U.S. and Canada. Nearly 90% of our employees have participated and nearly 9 out of 10 employees overall agreed that Thentia is a 'great place to work'.

What we offer - Thentia provides employees with:

• A competitive base salary
• Fully paid for health and wellbeing benefits (subject to country differences)
• Paid vacation, holidays, wellbeing days, and volunteer days (subject to country differences)
• Opportunity for discretionary performance bonuses (or sales commissions, based on role)
• Opportunities for personal and professional growth, promotion, and advancement
• Opportunity to work within a high performing culture
• A learning environment to challenge yourself and others to do their best work
• An environment to do innovative work
• An ability to make an impact in an evolving industry that impacts public trust and safety

What we look for:

We know that Thentia's culture isn't going to be for everyone. We work hard, smart, diligently, and are looking for people who are motivated to be part of building something great and who want to make an impact in a unique industry. We lead by our Thentia 8 Principles of customer focus, integrity, accountability, adaptability, achievement, purpose, teamwork, and being authoritative. Check out our company website ) as you consider if we're the right place for you.

Our Commitment

Thentia is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We are building products for a diverse world and are committed to building and fostering an environment where our employees feel included, valued, and heard, which enables us to make commerce better for everyone. We strongly encourage applications from racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, provincial, or local laws in the regions we operate. This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, or internships.

We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted

Staffing Firms: Thentia does not accept unsolicited submissions. All firms must have valid agreements in place