Apply By : 6 / 14 / 2018
Information Technology Services
Job Type : Full-time, Continuing
Campus : Waterloo
Reports To : ICT, Director Infrastructure
Position Summary :
At Laurier, we are a community. It’s what brings our students here and what keeps our people here.
As an educational institution, we inspire lives of leadership and purpose in our student community. As an employer, we seek, foster and value the same qualities of leadership and purpose in our employee community.
We currently have an opportunity to join the Laurier community as an Security Analyst.
The Security Analyst is part of the ICT-Infrastructure team responsible for cyber security functions at Laurier. This team manages cyber security of all Laurier datacenters, cloud services, user end-
points, and networks. The team monitors devices, develops security procedures, recommends and enforces policies to ensure a secured Information technology environment at the University.
As a senior level position, the Security Analyst reports directly to the Director, ICT infrastructure and has cross-functional responsibilities within the ICT Infrastructure Team.
The Security Analyst provides cybersecurity support on end-points devices. Furthermore, to ensure that Laurier data centre systems, networks, and clouds are capable of meeting Laurier’s research and educational needs in a secure manner, the Security Analyst provides guidance and technical expertise in the following cybersecurity practices : security risk assessment;
development and enforcement of security policies and protocols; analysis and monitoring of threats and vulnerabilities; incident management including investigations, forensic analysis;
and long-term cybersecurity design and planning.
The Security Analyst is a subject matter expert in Information security with extensive and updated knowledge and experience in Information security industry standards and best practices.
The incumbent is responsible for the implementation of Laurier’s Information security strategy by supporting cybersecurity operations, threat and vulnerability management, incident response, alerting and monitoring :
Develops, enforces and monitors cybersecurity policies and standards;
Ensures Laurier systems and networks meet federal and provincial regulatory requirements;
Participates in cybersecurity and data privacy investigations (enterprise and user levels);
Works closely with Laurier’s legal and privacy officers reporting information on breaches to federal and provincial institutions;
Designs Information security audits and run cybersecurity exercises;
Performs research, tests, installs and controls security tools;
Monitors networks and services seeking for detection of Information Technology threats;
Reports and analyze threats to prevent information attacks;
Performs cybersecurity forensic investigations and participates in incident response plans;
Participates in day-to-day cybersecurity activities such as penetration testing, vulnerabilities patching, etc.
The Security Analyst works closely with the Director, ICT Infrastructure to raise cybersecurity awareness and to develop and deliver the Laurier’s cybersecurity training to ICT as well as to the broader Laurier community.
The Security Analyst will represent Laurier in meetings, project teams, and conferences inside and outside of the University.
This role has a university-wide mandate and is based at the Waterloo Campus. The incumbent provides subject matter expertise to all campuses, requiring regular interpersonal interactions and collaborations with departments at the University and external partners.
The role requires to respond quickly and effectively to ensure Laurier integrity, public image and reputation are not impacted by cyber incidents.
There are often frequent interruptions and requires the ability to multitask. As the services provided by this position are 24 / 7 operations, the Information Security Analyst may be required to work outside normal business hours (on a call-
back basis) and may be required to be on call. When possible, the manager will adjust the work schedule so that no more than 35 hours are worked in a week.
Provides expertise, guidance and advice in all matters related to Information security;
Complies and assists with the development and enforcement of policies and procedures relating to Information security in compliance with regulatory requirements and Industry best practice;
Responsible for performing cybersecurity forensic investigations and delivering conclusions to Laurier senior management and the legal and privacy offices;
Responsible for the configuration, controlling and monitoring of information security devices (for example a centralized logging system-
SIEM, data analyzer, etc.);
Responsible for the implementation of security policies to different information security components (firewall, servers, virtual devices, etc.);
Responsible for the review, recommendation and monitoring of technical, administrative and physical controls to address security threats on-
premises and in cloud environments;
Responsible for monitoring and audit PCI requirements and controls;
Responsible for managing technologies Proof of Concepts (POC), as well as technology purchases via RFI, RFQ or RFP;
Works closely with other ICT units to ensure systems under their responsibilities are up-to-date, antivirus and malware software are current and functioning correctly, and other intrusion / prevention systems and firewalls are operational;
Works closely with users and researchers providing cybersecurity guidance and support in end-point devices (computers, laptops, cellphones, ipads and tables, etc);
Audits, tests and reviews systems architectures and processes from a security point of view;
Participates in network security exercises and audits required to keep university networks, systems and clouds secured;
Participates in incident response and digital forensics;
Performs regular network scanning and penetration testing against critical infrastructure and applications;
Reviews network, firewalls, F5 local traffic manager and other ICT systems’ logs searching for security threats and unusual user patterns;
Reviews security vulnerabilities and scans applications prior to production deployment;
Monitors forums, security sites and commercial or publicly available security data bases to identify known threats and / or security vulnerabilities, and develops and applies mitigation procedures to protect the University;
Prepares technical reports and documentation regarding systems security status and vulnerability analysis;
Develops and delivers end-user training and security best practices;
Performs research, makes recommendations and delivers installations of commercial and open source security solutions.
University Degree in Computer Science, Engineering, or a related field
At the time of hiring, the incumbent must be in possession of at least one of the following IT security certifications : CISSP, CISA, CISM, GCIH, or CEH
A minimum of 5 years’ experience working in information security technical positions
Understanding of risk based approaches, regulatory and compliance issues
Advanced knowledge of Information technology security standards and procedures
In depth expertise of information security concepts, tools and methodologies applied to hybrid environments (on-premise and SaaS-IaaS clouds)
Demonstrated experience with incident response protocols, and forensic techniques and tools
Proven experience using vulnerability assessment tools, conducting vulnerability assessment scans and penetration tests
Experience in ethical hacker techniques and tools (commercial and open source packages)
Extensive experience working with network security devices : firewalls, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), etc
Experience analysing data and managing SIEMs, log analysis tools, and network vulnerability monitoring tools
Experience in technology Proof of Concepts (POC) and technology procurement processes (RFI, RFQ, and RFP)
Understanding and working experience with PCI compliance
Experience creating technical / security reports and presenting the results to other colleagues and management
Experience working with O365 audit and logging tools
Advance knowledge on security best practice on MACs, Windows (desktop and server versions) and Linux Operating Systems (Redhat, Oracle Linux, CentOS, Kali Linux)
In-depth understanding of security architecture, standards and best practices in IaaS - cloud environments
Working experience with scripting languages : Python, Bash, Perl, PowerShell, etc.
Working experience with protocols : VLANs, VPN, Trunking, packet analyzer, Network Address Translation (NAT), ACLs, and SNMP
Equipment specific training on industry leading security vendors such as Cisco, Palo Alto, and F5 networks
Excellent problem solving ability in a high-pressure, fast-paced environment
Strong interpersonal and communication skills and the ability to work with users of varying technical expertise (faculty, students, administrative and professional staff, management)
Ability to write progress reports and deliver presentations to technical and non-technical audiences
Strong organizational skills, accuracy and attention to details
Ability to document network policies and procedures
Ability to work independently and as a member of a team
Ability to work in, and adapt to, a rapidly changing and highly technical environment
Deals with difficult situations with tact and diplomacy seeking to resolve problems
Grade : WLUSA-10
Salary : $38.19 - $44.96
Salary Notes :
This position is eligible for equivalencies : https : / / lauriercloud.sharepoint.com / sites / human-resources / employee-
relations / employee-groups / Pages / wlusa.aspx
Please Note :
This position is represented by the WLU Staff Association bargaining unit.
Please submit a cover letter and resume.
Wilfrid Laurier University endeavors to fill positions with qualified candidates who have a combination of education, experience, skills and abilities to successfully perform the duties of the position while demonstrating Laurier's Employee Success Factors.
Diversity and creating a culture of inclusion is a key pillar of Wilfrid Laurier University’s Strategic Academic Plan and is one of Laurier’s core values.
Laurier is committed to increasing the diversity of faculty and staff and welcomes applications from candidates who identify as Indigenous, racialized, having disabilities, and from persons of any sexual identities and gender identities.
Indigenous candidates who would like to learn more about equity and inclusive programing at Laurier are welcomed to contact the Office of Indigenous Initiatives at jbecker wlu.
ca. Candidates from other equity seeking groups who would like to learn more about equity and inclusive programing at Laurier are welcomed to contact the Diversity and Equity Office at diversity wlu.
ca. We have strived to make our application process accessible however if you require any assistance applying for a position or would like this job posting in an alternative format, please contact Human Resources at 519-
884-1970 ext.2007 or hr wlu.ca.