Security Analyst Enterprise Technology

Mississauga, ON, CA, L5N 0E1

Description

Working in Purolator’s Security Risk and Compliance team, the IT Security Analyst is responsible for governing all security aspects, ensuring compliance with security guidelines and security auditing requirements, and following industry best practices.

The IT Security Analyst will have an opportunity to develop and support our internal security technologies and services across the organization, working closely with other practice leads and the product teams to promote DevSecOps practices. The successful candidate will drive implementation and adoption of security practices for the product lifecycle of the Business Solution Delivery (BSD) group, from Architecture to Design, Test, Deployment and Operations.

The work we do at Purolator impacts every Canadian. To work with us, you must be eligible to obtain a Reliability Security Clearance.

Responsibilities

  • Understand and improve the access model and bring security awareness to the product teams on applicable standards/policies.
  • Work with business and project teams to govern SAP/middleware access requests and related issues by following the standardized processes and procedures.
  • Manage the penetration testing process from end to end working closely with project teams and various vendors.
  • Assist in resolving issues related to roles & authorization, and in implementing a testing strategy for credentials management, code quality, vulnerability assessment, secrets management, and other roles & authorization related development.
  • Perform risk assessments, threat modeling and security architecture reviews, and prepare and maintain security-related documents as and when required.

Additional Responsibilities

  • Familiarity with network layer technologies – FWs (Juniper, Checkpoint or similar), EDR fundamentals, VPN technologies, DNS.
  • Experience in designing and configuring SAP security solutions such as GRC Access Control, Identity Access Governance, GRC Process Control, SAP Enterprise Threat Detection and Onapsis.
  • Expertise in threat modeling frameworks.
  • Knowledge of OWASP Top 10, STRIDE, MITRE ATT&CK framework or similar.
  • Knowledge of NIST SP 800-53 Risk Management Framework.
  • Experience using Jira for Agile software development and delivery methodology.

Education

  • Academic: University degree in engineering, computer science, business, or equivalent.
  • Certifications: CISSP, CISA, or CISM are recommended.

Experience

  • 5+ years of experience in the IT Security field.
  • Exceptional interpersonal skills and a proven ability to flourish in a fast-paced environment.
  • Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
  • Sharp analytic and problem-solving capabilities that go beyond strict technical expertise.
  • Leadership skills, experience working with various stakeholders.
  • Experience managing and supporting Privileged Access Management solutions.
  • Knowledge of entitlements and access control, and the various protocols for tracking records, such as LDAP.
  • Experience with cyber security, controls testing, and presenting.
  • Strong SaaS/Application/Network security knowledge and experience. Extensive experience and knowledge in as many as possible of the following areas:
    • Application Security, SAP and non-SAP applications
    • Middleware Management
    • Data Security
    • Identity and Access Management - AWS Cloud, Okta, OpenID, OAuth, SAML, 2FA
    • Cloud Computing, Cloud Network Services and Software-Defined Networking (SDN)
    • Cyber Security and Cyber Investigation
  • Familiarity with Web technologies and standards – HTTP/S, JSON, REST, SOAP, XML, W3C Standards, Python.
  • SCA and SAST tools – OWASP Dependency-Check, OWASP Dependency-Track, Snyk, Veracode, SonarQube or similar.
  • Experience in Disaster Recovery, Test and Evaluation, and Risk Management.
