Information Security Engineer- 6 month contract- (Hybrid)

Central 1 cooperatively empowers credit unions and other financial institutions to deliver banking choice to Canadians. Central 1 provides critical services at scale to enable a thriving credit union system. We do this by collaborating with our clients, developing strategies, products and services to support the financial well-being of their more than 5 million diverse customers in communities across Canada. For more information, visit www.central1.com.

What we offer:

• Work-life flexibility 
• Hybrid work environment 
• One time allowance to set up your office for remote first employees
• Variable annual incentive plan
• Generous annual vacation allotment
• Top-notch flexible benefits plan 
• Retirement Plan, matched contributions at 6%
• Access to a learning platform and educational assistance support
• Career development opportunities
• Wellness Flex Fund to support personal interest and activities
• Day off to volunteer in your community and other paid time off options
• Corporate discounts

*subject to employment agreement

Job Summary:

Join Central 1 on a 6-month contract as an Information Security (IS) Engineer. In this pivotal role, you will ensure adherence to security standards and guidelines across multiple project and product teams. Your ability to adapt seamlessly to diverse audiences and foster strong collaboration will be critical as you leverage your expertise to identify, prioritize, and proactively mitigate security threats. Remaining abreast of industry trends, including emerging threats and technologies, is paramount. Additionally, you will champion security awareness throughout all business lines and adeptly integrate security practices within Agile environments.

What you'll be doing:
 

Security Implementation:

• Develop and implement security measures for the protection of computer systems, networks, and information.

• Conduct thorough risk assessments to identify vulnerabilities and strategize mitigation approaches.

• Define system security requirements and prepare comprehensive reports on findings.

• Document and review standard operating procedures and protocols.

• Prepare detailed reports with findings, outcomes, and recommendations for enhancing system security.

• Utilize commercial off-the-shelf testing tools (e.g., vulnerability scanners, intercepting proxies) and create exploits using chosen programming languages

Strategic Planning:

• Develop and maintain processes to support Threat Modelling and Risk Assessments at both the product and project levels.

• Lead the planning and design of enterprise security architecture, coordinating with system owners, control providers, and stakeholders to allocate security controls effectively.

• Create and maintain enterprise security documents, including architecture blueprints, policies, standards, baselines, guidelines, and procedures.

• Oversee and contribute to the design and deployment of technology solutions to ensure they adhere to industry best practices.

Acquisition and Deploymen:t

• Design tools and platforms to enhance capabilities within the Information Security domain.

• Establish and maintain partnerships with security vendors to support organizational goals.

• Stay updated on the latest in information security, including new or improved security solutions, processes, and emerging threat vectors.

• Recommend enhancements or new security solutions to improve overall enterprise security.

• Develop secure testing strategies to ensure project readiness.

Operational Management:

• Participate in investigations of problematic activities, prioritize vulnerabilities, and validate fixes for existing security issues.

• Lead the design and execution of vulnerability assessments and penetration tests.

• Conduct security reviews, identify gaps in security architecture, and develop risk management plans.

• Provide security input for statements of work and other project documents.

• Evaluate security architectures and designs to ensure adequacy in response to project requirements.

What you'll have:

• A university degree with 10+ years of experience in Information Technology, including at least 5 years in Information Security, and 2 or more years in an architecture role.

• Preferred certifications:

• (ISC)² - CISSP

• GIAC - GSEC, GCIH, GCIA, GCFE, GWAPT, or GPEN

• AWS - Solutions Architect, Certified Security

• Azure - Microsoft Certified: Azure Security Engineer

• Proficiency in methods and standards for describing, analyzing, and documenting enterprise IT and Security Architecture, such as SABSA.

• Experience in integrating hardware and software solutions.

• Knowledge of Public-Key Infrastructure (PKI) encryption and digital signature applications (e.g., S/MIME email, SSL traffic).

• Expertise in designing countermeasures for security risks.

• Strong background in threat modeling techniques, such as STRIDE.

• Experience with deploying and supporting complex web application environments.

• Proficiency with Web Application Security controls (e.g., WAF, DDoS) and Application Security testing tools (e.g., SAST, DAST).

• Working knowledge of cloud platforms, particularly AWS and Azure.

• In-depth understanding of OWASP Top 10 and SANS Top 25 security vulnerabilities.

• Comprehensive knowledge of IP, TCP/IP, and other network administration protocols.

• Ability to apply network security architecture concepts, including topology, protocols, components, and principles (e.g., defense-in-depth).

• Strong familiarity with Windows, Linux, and Mac operating systems.

• Understanding of compliance frameworks, including ISO 27001 and NIST CSF.

• Ability to prioritize and execute tasks effectively under pressure.

• Strong written, verbal, and interpersonal communication skills.

• Capability to conduct research into information security issues and products as needed.

• Ability to present ideas in a clear, business-friendly, and user-friendly manner

• Team-oriented and adept at collaborative work.

Hourly rate: $85.00-$100.00
 

Central 1 is an equal opportunity employer and committed to building an inclusive workforce by creating an environment where everyone feels like they belong and has the opportunity to be successful. We welcome all applicants to join our diverse workforce and we will provide an accessible candidate experience including, but not limited to accommodations to interview sites and alternate formats upon request to our Recruitment team.