Information Security Engineer - 6-month contract (Hybrid)
Vancouver
Central 1
Central 1 cooperatively empowers credit unions and other financial institutions to deliver banking choice to Canadians. Central 1 provides critical services at scale to enable a thriving credit union system. We do this by collaborating with our clients, developing strategies, products and services to support the financial well-being of their more than 5 million diverse customers in communities across Canada. For more information, visit www.central1.com.
What we offer:
- Work-life flexibility
- Hybrid work environment
- One-time allowance to set up your office for remote-first employees
- Variable annual incentive plan
- Generous annual vacation allotment
- Top-notch flexible benefits plan
- Retirement Plan, matched contributions at 6%
- Access to a learning platform and educational assistance support
- Career development opportunities
- Wellness Flex Fund to support personal interests and activities
- Day off to volunteer in your community and other paid time off options
- Corporate discounts
*subject to employment agreement
Job Summary:
Join Central 1 on a 6-month contract as an Information Security (IS) Engineer. In this pivotal role, you will ensure adherence to security standards and guidelines across multiple project and product teams. Your ability to adapt seamlessly to diverse audiences and foster strong collaboration will be critical as you leverage your expertise to identify, prioritize, and proactively mitigate security threats. Remaining abreast of industry trends, including emerging threats and technologies, is paramount. Additionally, you will champion security awareness throughout all business lines and adeptly integrate security practices within Agile environments.
What you'll be doing:
Security Implementation:
Develop and implement security measures for the protection of computer systems, networks, and information.
Conduct thorough risk assessments to identify vulnerabilities and strategize mitigation approaches.
Define system security requirements and prepare comprehensive reports on findings.
Document and review standard operating procedures and protocols.
Prepare detailed reports with findings, outcomes, and recommendations for enhancing system security.
Utilize commercial off-the-shelf testing tools (e.g., vulnerability scanners, intercepting proxies) and create exploits using chosen programming languages.
Strategic Planning:
Develop and maintain processes to support Threat Modelling and Risk Assessments at both the product and project levels.
Lead the planning and design of enterprise security architecture, coordinating with system owners, control providers, and stakeholders to allocate security controls effectively.
Create and maintain enterprise security documents, including architecture blueprints, policies, standards, baselines, guidelines, and procedures.
Oversee and contribute to the design and deployment of technology solutions to ensure they adhere to industry best practices.
Acquisition and Deployment:
Design tools and platforms to enhance capabilities within the Information Security domain.
Establish and maintain partnerships with security vendors to support organizational goals.
Stay updated on the latest in information security, including new or improved security solutions, processes, and emerging threat vectors.
Recommend enhancements or new security solutions to improve overall enterprise security.
Develop secure testing strategies to ensure project readiness.
Operational Management:
Participate in investigations of problematic activities, prioritize vulnerabilities, and validate fixes for existing security issues.
Lead the design and execution of vulnerability assessments and penetration tests.
Conduct security reviews, identify gaps in security architecture, and develop risk management plans.
Provide security input for statements of work and other project documents.
Evaluate security architectures and designs to ensure adequacy in response to project requirements.
What you'll have:
A university degree with 10+ years of experience in Information Technology, including at least 5 years in Information Security, and 2 or more years in an architecture role.
Preferred certifications:
(ISC)² - CISSP
GIAC - GSEC, GCIH, GCIA, GCFE, GWAPT, or GPEN
AWS - Solutions Architect, Certified Security
Azure - Microsoft Certified: Azure Security Engineer
Proficiency in methods and standards for describing, analyzing, and documenting enterprise IT and Security Architecture, such as SABSA.
Experience in integrating hardware and software solutions.
Knowledge of Public-Key Infrastructure (PKI) encryption and digital signature applications (e.g., S/MIME email, SSL traffic).
Expertise in designing countermeasures for security risks.
Strong background in threat modeling techniques, such as STRIDE.
Experience with deploying and supporting complex web application environments.
Proficiency with Web Application Security controls (e.g., WAF, DDoS) and Application Security testing tools (e.g., SAST, DAST).
Working knowledge of cloud platforms, particularly AWS and Azure.
In-depth understanding of OWASP Top 10 and SANS Top 25 security vulnerabilities.
Comprehensive knowledge of IP, TCP/IP, and other network administration protocols.
Ability to apply network security architecture concepts, including topology, protocols, components, and principles (e.g., defense-in-depth).
Strong familiarity with Windows, Linux, and Mac operating systems.
Understanding of compliance frameworks, including ISO 27001 and NIST CSF.
Ability to prioritize and execute tasks effectively under pressure.
Strong written, verbal, and interpersonal communication skills.
Capability to conduct research into information security issues and products as needed.
Ability to present ideas in a clear, business-friendly, and user-friendly manner.
Team-oriented and adept at collaborative work.
Hourly rate: $85.00-$100.00
Central 1 is an equal opportunity employer and committed to building an inclusive workforce by creating an environment where everyone feels like they belong and has the opportunity to be successful. We welcome all applicants to join our diverse workforce and we will provide an accessible candidate experience including, but not limited to, accommodations to interview sites and alternate formats upon request to our Recruitment team.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security AWS Azure Banking CISSP Cloud Compliance DAST DDoS Encryption Exploits GCFE GCIA GCIH GIAC GPEN GSEC GWAPT ISO 27001 Linux Network security NIST OWASP PKI Risk assessment Risk management SANS SAST TCP/IP Vulnerabilities Windows
Perks/benefits: Career development Flex hours Flex vacation Team events Wellness