Compétences recherchées — Connectez-vous et téléversez votre CV pour comparer avec votre profil
Détails du poste
- Lieu de travail : Montreal
- Type de poste : Permanent à temps plein
Our valued client is looking for a Snr Security Vulnerability Specialist to support the creation of a departmental vulnerability management program.
1 Full time & 1 Part Time (~10 days/month) position available
Responsibilities:
- Complete tasks directly supporting the creation of a departmental vulnerability management program.
- Following GC guidance, including but not limited to Government of Canada Guideline on Vulnerability Management.
- Document and implement vulnerability management capabilities, including but not limited to:
- Governance
- Understanding business dependencies on IT assets
- Identification of vulnerabilities
- Vulnerability risk assessment
- Mitigation activities
- Metrics, reporting and compliance
- Identify threats to, and technical vulnerabilities of, networks, systems and applications; technologies include but are not limited to Azure Cloud (IaaS, PaaS and SaaS), Third Party SaaS Services, IoT/IC, AI/LLMs (both self-hosted and as-a-service) as well as on-premises solutions.
- Collaborate with clients IT Services providers to implement and review vulnerability report data sources.
- Centralize Vulnerability Management reporting and correlations using technologies such as but not limited to Azure Power Platform, Sentinel, GraphAPIs, etc.
- Create processes and procedures to identify, manage and coordinate vulnerability management activities.
Must Have Skills:
- 10+ years of experience, within the last 15 years, performing IT Security Vulnerability Assessments (VA)
- 2+ years of experience, within the last 5 years reviewing, analyzing, and/or applying department-wide IT Security Vulnerabilities for Government of Canada (GoC) organizations:
- Threat agents, analysis tools and other emerging technologies including privacy enhancement, predictive analysis, VoIP, data visualization and fusion, wireless security devices, PBX and telephony firewall.
- War dialers, password crackers.
- Public Domain IT vulnerability advisory services.
- Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & Nmap.
- Wireless Security.
- Intrusion detection systems, firewalls and content checkers.
- Host and network intrusion detection and prevention systems - Antivirus management.
- Working as a vulnerability specialist on a minimum of two IT security Projects for a **Large Government, (Federal, Provincial. Territorial, Municipal, or Crown Corporation) or a Large commercial client performing at least 3 of the following tasks across the referenced projects:
- Performing vulnerability testing, risk analysis and security assessments.
- Understanding various programming language environments and attaching simulations scenarios including performing vulnerability assessments on high virtualized environments.
- Understanding and implementing security policies and safeguards.
- Conducting analysis with network scanning and monitoring tools.
- Conducting impact analysis for configuration changes and patch management.
- Conducting internal and external IT security audits and,
- Recommending appropriate tools and countermeasures to mitigate IT security vulnerabilities.