Security Analyst Enterprise Technology
Mississauga, ON, CA, L5N 0E1
Applications have closed
Description
Working in Purolator’s Security Risk and Compliance team, the IT Security Analyst is responsible for governing all security aspects, ensuring compliance with security guidelines and security auditing requirements, and following industry best practices.
The IT Security Analyst will have an opportunity to develop and support our internal security technologies and services across the organization, working closely with other practice leads and the product teams to promote Dev/SecOps practices. The successful candidate will be driving implementation and adoption of security practices for the product lifecycle of the Business Solution Delivery (BSD) group from Architecture to Design, Test, Deployment and Operations.
The work we do at Purolator impacts every Canadian. To work with us, you must be eligible to obtain a Reliability Security Clearance.
Responsibilities
- Understand and improve the access model and bring security awareness to the product teams on applicable standards/policies.
- Work with business and project teams to govern SAP/middleware access requests and related issues by following the standardized processes and procedures.
- Manage the penetration testing process from end to end working closely with project teams and various vendors.
- Assist in resolving issues related to roles & authorization, and in implementing a testing strategy for credentials management, code quality, vulnerability assessment, secrets management, and other roles & authorization related development.
- Perform risk assessments, threat modeling and security architecture reviews, and prepare and maintain security-related documents as and when required.
Additional Responsibilities
- Familiarity with network layer technologies – FWs (Juniper, Checkpoint or similar), EDR fundamentals, VPN technologies, DNS.
- Experience in designing and configuring SAP security solutions such as GRC Access Control, Identity Access Governance, GRC Process Control, SAP Enterprise Threat Detection and Onapsis.
- Expertise in threat modeling frameworks.
- Knowledge of OWASP Top 10, STRIDE, MITRE ATT&CK framework or similar.
- Knowledge of NIST SP 800-53 Risk Management Framework.
- Experience using Jira for Agile software development and delivery methodology.
Education
- Academic: University degree in engineering, computer science, business, or equivalent.
- Certifications: CISSP, CISA, or CISM are recommended.
Experience
- 5+ years of experience in the IT Security field.
- Exceptional interpersonal skills and a proven ability to flourish in a fast-paced environment.
- Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
- Sharp analytic and problem-solving capabilities that go beyond strict technical expertise.
- Leadership skills, experience working with various stakeholders.
- Experience managing and supporting Privileged Access Management solutions.
- Knowledge of entitlements, access control, and the various protocols for tracking records, such as LDAP.
- Experience with cyber security, controls testing, and presenting.
- Strong SaaS/Application/Network security knowledge and experience. Extensive experience and knowledge in as many as possible of the following areas:
- Application Security, SAP and non-SAP applications
- Middleware Management
- Data Security
- Identity and Access Management - AWS Cloud, Okta, OpenID, OAuth, SAML, 2FA
- Cloud Computing, Cloud Network Services and Software-Defined Networking (SDN)
- Cyber Security and Cyber Investigation
- Familiarity with Web technologies and standards – HTTP/S, JSON, REST, SOAP, XML, W3C Standards, Python.
- SCA and SAST tools – OWASP Dependency-Check, OWASP Dependency-Track, Snyk, Veracode, SonarQube or similar.
- Experience in Disaster Recovery, Test and Evaluation, and Risk Management.