Eagle is currently seeking a Security Analyst. This is an eight (8) month, contract position scheduled to start in February.
The successful candidate will be responsible for:
- Participating in the design, development and implementation of security initiatives to ensure the best possible measures are in place to maintain a secure operation;
- Monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems and databases;
- Developing, implementing, and enforcing security strategies, policies and procedures;
- Analyzing, recommending and implementing security technologies such as firewalls, IDS network and server, certificates and PKI;
- Reviewing, analyzing, and applying relevant methodologies, programs, policies, procedures, standards, guidelines, and IT security risk management methodologies;
- Developing IT security standards, procedures and guidelines pursuant to the requirements of relevant standards, procedures and guidelines;
- Developing IT security policy in the areas of IT security and assurance, standard certification and accreditation frameworks for IT systems, information infrastructure protection, product evaluation, privacy, business continuity planning, contingency planning and disaster response planning, research and development;
- Developing and delivering training material relevant to the resource category;
- Identifying threats to, and vulnerabilities of operating systems such as MS, Unix, Linux, and Novell, and wireless architectures;
- Identifying personnel, technical, physical, and procedural threats to and vulnerabilities of IT systems;
- Developing reports such as data security analysis, concepts of operation, statements of sensitivity (SoSs), threat assessments, privacy impact assessments (pias), non-technical vulnerability assessments, risk assessments, it security threat, vulnerability and risk briefings;
- Conducting certification activities;
- Developing security certification plans;
- Verifying that security safeguards meet the applicable policies and standards;
- Validating the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents;
- Verifying that security safeguards have been implemented correctly and that assurance requirement have been met;
- Confirming that the system has been properly configured, and establishing that the safeguards meet applicable standards;
- Conducting security testing and evaluation (ST&E) to determine if the technical safeguards are functioning correctly;
- Assessing the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk;
- Conducting accreditation activities such as reviewing the certification results in the design review documentation by the accreditation authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards;
- Identifying the conditions under which a system is to operate, for approval purposes;
- Ensuring developmental approval by both the operational and the accreditation authorities to proceed to the next stage in its system's life cycle development if sensitive information is to be handled by the system during development;
- Ensuring operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system follows applicable security policies and standards; and,
- Ensuring interim approval which is a temporary written approval to process sensitive information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development.
Skills and Qualifications
The qualified candidate must have:
- Four (4) plus years of experience with SAST, DAST and OSS solutions;
- Experience in integrating the solutions into DevOps pipeline;
- Familiarity with good security coding practice and proficiency in OWASP top 10 and secure coding frameworks;
- Experience with Veracode, Acunetix, and Nexus; and,
- Experience with Secure Assist (an asset).
Don’t miss out on this opportunity, apply online today!
Eagle is an equal opportunity employer and will provide accommodations during the recruitment process upon request. We thank all applicants for their interest; however, only candidates under consideration will be contacted. Please note that your application does not signify the beginning of employment with Eagle and that employment with Eagle will only commence when placed on an assignment as a temporary employee of Eagle.