Security Assessment Analyst
With Canadian Security Intelligence Service (CSIS) in Ottawa - CAMore jobs from Canadian Security Intelligence Service (CSIS)
Posted on June 09, 2019
About this job
Compensation: C$79k - 96k
Location options: Paid relocation
Job type: Full-time
Experience level: Mid-Level, Senior
Role: System Administrator
Company size: 1k-5k people
Company type: Public
security, sql, python, ruby, linux, sysadmin
Implement and administer IT security policies and procedures;
Ensure the integrity, confidentiality, and availability of critical data resources and automated system components;
Administer and configure the Enterprise Management suite of tools;
Manage IT vulnerability management services by analyzing, prioritizing, and conducting vulnerability assessments and penetration testing;
Provide regular and on-going security assessments of IT systems and networks, including the maintenance of its policies and procedures;
Develop and maintain Security Configuration Benchmarks (SCB) or Security Technical Implementation Guides (STIGS) used in applications, databases, systems, and networks;
Work with clients to ensure compliance to security policies and IT security hardening frameworks; and
Assist the Security Operations Center (SOC) to address detected security concerns and escalations.
Undergraduate degree and three (3) years of relevant experience
Technologist diploma or Professional technologist equivalency designation and four (4) years of relevant experience
Fields of study: Computer science, electrical, electronics, network security, telecommunications, or engineering
The educational program must be from an accredited learning institution recognized in Canada.
Note: Any higher level of education could be recognized as experience.
Candidates who do not fully possess the experience required may be considered for this position as an underfill.
Experience in IT security including investigating security incidents and implementing associated corrective action
A minimum of one (1) year of Vulnerability Management Services performing vulnerability assessments and/or penetration testing.
Recentand significant experience in penetration testing using products such as, but not limited to Kali/Backtrack, Metasploit, NExpose, Nikto, SQLmap, and Veil-Framwork, and the customization of its scripts, exploits, and payloads.
Recent experience implementing and customizing technical security controls in recognized hardening frameworks such as, but not limited to CIS - Security Configuration Benchmarks and/or NIST - Security Technical Implementation Guides.
Recentand significant experience in running Vulnerability Management assessments using various tools and following industry standard practices.
Recent experience analyzing, designing, and/or implementing security controls in business applications and infrastructure systems in both Linux and Windows environments.
Experience in network security skills such as packet, vulnerability and exploit analysis.
Recent experience is defined as experience acquired within the last four (4) years.
Significant experience is defined as the depth and breadth of experience that would normally be acquired by a person in a position where the performance of these duties constitutes his or her main functions over a period of two (2) years.
Information Security Certifications including:
Offensive Security Certified Professional/ Certified Expert (OSCP/OSCE; OffSec)
Global Information Assurance Certified Penetration Tester (GPEN; GIAC)
Certified Penetration Testing Consultant/Engineer (CPTC/CPTE; EC-Council)
Certified Penetration Tester/Certified Expert Penetration Tester (CPT/CEPT; IACRB)
Foundational understanding of:
ISECOM - Open Source Security Testing Methodology Manual
Bypassing System ASLR & NX/DEP (such as Return Oriented Programming / Code Reuse)
Heap Spraying (such as Management, Feng Shui & Heaplib) and Browser User-After-Free Conditions
EMET Protection (such as LoadLibrary, MemProt, Caller, SimExecFlow, StackPivot)
Code Poly/Metamorphism, Caves, Splitting, Packing, Obfuscation and/or Encryption
- OWASP References and SQL Vulnerabilities
Assembly Language (x86/64), C, Python, Ruby, and/or SQL Language(s)
GCC & MinGW Compilers
- Behavioral Flexibility
- Problem Solving
- Analytical Skills