Security Analyst

Sorry, this job is no longer available. Please Search for Jobs to conduct a new search

Eagle is currently seeking a Security Analyst. This is a two (2) month, contract position scheduled to start in May.

Key Responsibilities

The successful candidate will be responsible for:

  • Participating in the design, development and implementation of security initiatives to ensure the best possible measures are in place to maintain a secure operation;
  • Monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems and databases;
  •  Developing, implementing, and enforcing security strategies, policies and procedures;
  • Analyzing, recommending and implementing security technologies such as firewalls, IDS network and server, certificates and PKI;
  • Reviewing, analyzing, and applying relevant methodologies, programs, policies, procedures, standards, guidelines, and IT Security Risk Management methodologies;
  • Developing IT Security standards, procedures and guidelines pursuant to the requirements of relevant standards, procedures and guidelines;
  • Developing IT Security policy in the areas of IT security and assurance, standard Certification & Accreditation frameworks for IT systems, information infrastructure protection, product evaluation, privacy, business continuity planning, contingency planning and disaster response planning, and research & development;
  • Developing and delivering training material relevant to the resource category;
  • Identifying threats to, and vulnerabilities of operating systems such as MS, Unix, Linux, and Novell, and wireless architectures;
  • Identifying personnel, technical, physical, and procedural threats to and vulnerabilities of IT systems;
  • Developing reports such as data security analysis, concepts of operation, statements of sensitivity, threat assessments, privacy impact assessments, non-technical vulnerability assessments, risk assessments, IT security threat, vulnerability and risk briefings;
  • Conducting certification activities such as develop security certification plans, verifying that security safeguards meet the applicable policies and standards, validating the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents, verifying that security safeguards have been implemented correctly and that assurance requirement have been met;
  • Confirming that the system has been properly configured, and establishing that the safeguards meet applicable standards, conducting security testing and evaluation to determine if the technical safeguards are functioning correctly, assessing the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk;
  • Conducting accreditation activities such as reviewing of the certification results in the design review documentation by the accreditation authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards and identifying the conditions under which a system is to operate for approval purposes;
  • Working on developmental approval by both the operational and the accreditation authorities to proceed to the next stage in an IT system's life cycle development if sensitive information is to be handled by the system during development;
  • Providing operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards;
  • Working on interim approval, a temporary written approval to process sensitive information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development;
  • Assisting application team to automate security processes using DevOps technologies, including code review process, open source security and dynamic application security and integrate them into ticketing system;
  • Outlining secure CI/CD processes for automation and tool development;
  • Outlining deployment automation and integration strategy;
  • Developing scalable solutions that integrates security into devops pipelines 

Skills and Qualifications

The qualified candidate must have:

  • Six (6) year’s web services, DevOps, systems integration and automation experience;
  • Two (2) years’ experience building secure, scalable and highly available infrastructure using IaC such as Teraform, Ansible, Chef, Puppet, Salt stack, Kubernetes, and Docker SWARM;
  • Strong understanding of CI/CD processes;
  • Experience with technologies such as Nexus, Veracode, Acunetix, JIRA or similar SAST, DAST, OSS and ticketing tools;
  • Prior experience as Technical Lead in a development or team preferable;
  • Experience with Openshift, AWS, Azure and Google Cloud Platform;
  • Experience with Docker Swarm and Kubernetes to scale the security processes into DevOps pipeline;
  • Experience with API scripting using Jenkins and Javascript;
  • Excellent verbal and written communication skills;
  • Previous consulting firm experience (an asset); and,
  • Bilingualism in both French and English (an asset).

Don’t miss out on this opportunity, apply online today!

Eagle is an equal opportunity employer and will provide accommodations during the recruitment process upon request. We thank all applicants for their interest; however, only candidates under consideration will be contacted. Please note that your application does not signify the beginning of employment with Eagle and that employment with Eagle will only commence when placed on an assignment as a temporary employee of Eagle.

  • Posted On: May 01, 2019
  • Job Type: Contract
  • Job ID: 60740
  • Location: Montreal QC