Security Assessment Analyst

With Canadian Security Intelligence Service (CSIS) in Ottawa - CA

More jobs from Canadian Security Intelligence Service (CSIS)

Posted on June 09, 2019

About this job

Compensation: C$79k - 96k
Location options: Paid relocation
Job type: Full-time
Experience level: Mid-Level, Senior
Role: System Administrator
Industry: Government
Company size: 1k-5k people
Company type: Public

Technologies

security, sql, python, ruby, linux, sysadmin

Job description

Job Summary

Implement and administer IT security policies and procedures;

Ensure the integrity, confidentiality, and availability of critical data resources and automated system components;

Administer and configure the Enterprise Management suite of tools;

Manage IT vulnerability management services by analyzing, prioritizing, and conducting vulnerability assessments and penetration testing;

Provide regular and on-going security assessments of IT systems and networks, including the maintenance of its policies and procedures;

Develop and maintain Security Configuration Benchmarks (SCB) or Security Technical Implementation Guides (STIGS) used in applications, databases, systems, and networks;

Work with clients to ensure compliance to security policies and IT security hardening frameworks; and

Assist the Security Operations Center (SOC) to address detected security concerns and escalations.

Education

Undergraduate degree and three (3) years of relevant experience

Technologist diploma or Professional technologist equivalency designation and four (4) years of relevant experience

Fields of study: Computer science, electrical, electronics, network security, telecommunications, or engineering

The educational program must be from an accredited learning institution recognized in Canada. 

Note: Any higher level of education could be recognized as experience.

Experience

Candidates who do not fully possess the experience required may be considered for this position as an underfill.

Experience in IT security including investigating security incidents and implementing associated corrective action

A minimum of one (1) year of Vulnerability Management Services performing vulnerability assessments and/or penetration testing.

Recentand significant experience in penetration testing using products such as, but not limited to Kali/Backtrack, Metasploit, NExpose, Nikto, SQLmap, and Veil-Framwork, and the customization of its scripts, exploits, and payloads.

Recent experience implementing and customizing technical security controls in recognized hardening frameworks such as, but not limited to CIS - Security Configuration Benchmarks and/or NIST - Security Technical Implementation Guides.

Recentand significant experience in running Vulnerability Management assessments using various tools and following industry standard practices.

Recent experience analyzing, designing, and/or implementing security controls in business applications and infrastructure systems in both Linux and Windows environments.  

Experience in network security skills such as packet, vulnerability and exploit analysis.   

Recent experience is defined as experience acquired within the last four (4) years.

Significant experience is defined as the depth and breadth of experience that would normally be acquired by a person in a position where the performance of these duties constitutes his or her main functions over a period of two (2) years.

Assets:

  • Information Security Certifications including:

Offensive Security Certified Professional/ Certified Expert (OSCP/OSCE; OffSec)

Global Information Assurance Certified Penetration Tester (GPEN; GIAC)

  • Certified Penetration Testing Consultant/Engineer (CPTC/CPTE; EC-Council)

  • Certified Penetration Tester/Certified Expert Penetration Tester (CPT/CEPT; IACRB)

Foundational understanding of:

NIST 800-115

ISECOM - Open Source Security Testing Methodology Manual

Bypassing System ASLR & NX/DEP (such as Return Oriented Programming / Code Reuse)

Heap Spraying (such as Management, Feng Shui & Heaplib) and Browser User-After-Free Conditions

EMET Protection (such as LoadLibrary, MemProt, Caller, SimExecFlow, StackPivot)

Code Poly/Metamorphism, Caves, Splitting, Packing, Obfuscation and/or Encryption

  • OWASP References and SQL Vulnerabilities

Experience with:

Assembly Language (x86/64), C, Python, Ruby, and/or SQL Language(s)

GCC & MinGW Compilers

Virtualization Technologies

Competencies

  • Behavioral Flexibility
  • Initiative
  • Problem Solving
  • Analytical Skills
  • Collaboration

Apply here