Security Engineer
Victoria
Applications have closed
British Columbia Investment Management Corporation
With $199.6 billion in assets under management, British Columbia Investment Management Corporation (BCI) invests on behalf of BC's public sector.British Columbia Investment Management Corporation (BCI) is one of the largest asset managers in Canada. With $171.3 billion of managed assets, BCI invests globally on behalf of public sector clients. We do fulfilling and meaningful work that makes a difference: 630,000 pension plan beneficiaries and 2.5 million British Columbian workers depend on our clients’ returns. Ensuring their continued financial security is important to us.
The people who work at BCI are committed, passionate, and approachable. They aim for continuous improvement and share BCI’s core values of clients first, performance focused, world class, accountability, transparency, and integrity.
BCI is focused on building a culture of excellence through our people practices and employee led initiatives. Being named one of Canada’s Top 100 Employers, Canada’s Top Family-Friendly Employers and BC’s Top Employers is recognition of BCI’s ongoing effort to be a progressive workplace of choice that continues to attract, retain and promote talent professionals. As an active in-house asset manager, BCI depends on the specialized skills and expertise of its people to successfully execute its world-class investment strategies and fulfill client needs.
BCI offers an exceptional opportunity to work at a world-class organization while living in a west coast setting. We are expanding our team and our skill base to equip BCI for the future.
DEPARTMENT DESCRIPTION
The Technology department is responsible for developing technology solutions that contribute to the achievement of BCI’s mission and long-term goals. The department manages the Corporation’s business applications and information technology infrastructure, providing support to a large group of financial professionals. The department is also responsible for authoring technology-related directives and conducting disaster recovery planning to minimize risk to the Corporation’s delivery of investment services.
POSITION DESCRIPTION
Reporting to the Manager, Security & Risk, the Security Engineer is responsible for security operations, processes, products and projects with mid-level of complexity. The Security Engineer will develop security requirements, design and implement security solutions, and directly contribute to security architecture practices. S/he will collaborate and communicate with members of cross-functional teams in an Agile hybrid environment, and enable the effective and efficient delivery of secure, quality products. The position can be based in either Vancouver or Victoria with occasional travel between the two cities.
QUALIFICATIONS
Must Have:
- Bachelor’s degree in Technology, Engineering, Computer Science, or a related field
- A minimum of 5-8 years of experience in technical roles with responsibility focused on information security processes, products and projects
- Strong knowledge in secure systems engineering
- Demonstrated ability to implement programs and solutions to measure and sustain the security posture of large complex environments
- Excellent customer-service, communication (verbal, non-verbal, written, listening, and visual communication) and problem-solving skills
- Experience with developing security reference models, writing security policies and procedures, and able to communicate effectively with technical and business audiences
- Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent experience
Preferred:
- Experience with Agile methods (Scrum) and DevOps practices
TECHNICAL SKILLS REQUIREMENTS
- Must have some combination of strong hands on experience with at least 4 or 5 of the following:
- Authentication, authorization and encryption solutions
- Secure coding practices, ethical hacking and threat modeling
- Windows, UNIX and Linux operating systems security as well as Virtualization technology security
- Identity and privileged access management for on premise and hybrid cloud-based solutions
- EDR and/or other Endpoint Security Solutions
- Firewall and intrusion detection/prevention protocols
- Application security and encryption technologies
- Web Application Proxies including SSL Decryption
- Advanced Anti-Malware Controls at both the network and host level
- Data Classification and DLP Solutions
- Penetration and/or vulnerability testing
- Database platform security
- Centralized logging and monitoring solutions
- Ability to conduct formal forensic investigations and mount suitable incident responses
- Vulnerability Assessment, Remediation and Reporting
- Subnetting, NAC, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
- Phishing and Social Engineering
PRIMARY RESPONSIBILITIES
- Development of new and innovative ways to solve existing production security issues as well as evaluate new technologies and processes that enhance security capabilities
- Develops technical security requirements for new products, tools and services envisioned for implementation at BCI
- Very Key role in the deployment and maintenance of new security solutions across all BCI systems
- Collaborates and coordinates with application, operations and product teams to provide guidance on the development of secure product designs that meet security requirements
- Ability to effectively develop, document and communicate security reference models and security policies and procedures to technical and non-technical stakeholders
- Ability to communicate security issues and develop security user stories in language that non-technical stakeholders can understand
- Ability to deliver and test security solutions in alignment with industry security standards
- Ability to respond to information security issues at each stage of a project’s lifecycle
- Proactively identifies risks and issues and proposes solutions to remove barriers
- Performs validation and tuning of security testing tools to provide accurate and actionable results that drive improvements to BCI’s overall security posture
- Performs security monitoring of solutions and participates as a subject matter expert in security incident response scenarios
- Ensures that all application and infrastructure solutions are stable, secure, and compliant with security standards and policies
- Undertakes special projects or assignments as required
- Ability to document designs as well as produce technical reports in support of security initiatives
- Performs other related duties as required
COMPETENCIES
Learning Agility
Effective performers continuously seek new knowledge. They are curious and want to know “why”. They learn quickly and use new information effectively. They create and foster a culture of interest, curiosity, and learning.
Relationship Building
Effective performers establish and proactively maintain a broad network of relationships (e.g. colleagues, co-workers, vendors, suppliers, etc.). They value these relationships and work effectively across the organization by maintaining positive working relationships with peers and others.
High Standards
Effective performers possess a high inner work standard and shows pride in their work. They consistently strive to ensure work is complete within deadlines and that all work performed is of a high quality.
Organization & Planning
Effective performers have strong organizing and planning skills that allow them to be highly productive and efficient. They manage their time wisely and effectively prioritize multiple competing tasks. They follow through on tasks to ensure changes in technology are communicated effectively.
Results Orientation
Effective performers maintain appropriate focus on outcomes and accomplishments. They are motivated by achievement, and persist until the goal is reached. They convey a sense of urgency to make things happen. They respect the need to balance short- and long-term goals. They are driven by a need for closure.
Communicativeness
Effective performers clearly and articulately convey technical and other information both orally and in writing to others in a manner appropriate to the listener. They write clearly, accurately and concisely, composing project, technical and other required documentation as required.
Change Mastery
Effective performers are adaptable. They embrace needed change and modify their behaviour when appropriate to achieve organizational objectives. They are effective in the face of ambiguity. They understand and use change management techniques to help ensure smooth transitions.
Tags: Agile Application security CISM CISSP Cloud Computer Science DevOps DNS EDR Encryption Endpoint security Ethical hacking Firewalls GIAC Incident response Intrusion detection Linux Malware Monitoring Scrum UNIX VPN Windows
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs