Information Security Analyst
SecureKey Technologies Inc
Toronto, Ontario, Canada
11d ago

Information Security Analyst

SecureKey is the identity and authentication provider for organizations that deliver online consumer services. SecureKey delivers high-

performance, easy-to-use, authentication platforms that reduce the burden, cost, and risks associated with authenticating millions of consumers while also improving the user experience.

SecureKey implements security in each phase of the authentication platform : design, development, testing, build, deployment and continuous operation.

The Information Security Analyst is a key role in the implementation of this security. You will be responsible for evaluating security technologies / tools, automating security tasks, continuous monitoring activities (analyzing scan / vulnerability assessment findings, defining and testing remediation steps and tracking vulnerabilities through to remediation implementation), improving our production alerting / monitoring solution, performing security impact assesments on production system changes, and ensuring technical security controls are implemented that maintain compliance with regulatory and customer requirements.

The Informatin Security Analyst will also be responsible for identifying security responsibilities in the various operational roles and providing role-

based security training to these roles. You will also work closely with SecureKey’s Compliance Manager to ensure proper tracking and reporting of continuous monitoring activities for regulatory (i.

e., PCI and SOC2) compliance.

The Information Security Analyst will hold a security approver role in SecureKey’s Change Advisory Board, as well as be a member of SecureKey’s security incident response team (to oversee maintenance of evidence (and its chain of custody) for forensic purposes, to assess and report on the exposure and risk, and support triage, isolation, containment, eradication, remediation and post mortem activities).

The Information Analyst will be the technical point of contact for third party assessors performing internal and / or external VA scanning, web application assessments and / or manual pen testing activities.

To support third party assessments you will be responsible for providing the list of inscope systems that fall within the assessment scope, as well as ensure all access to systems is properly planned, provided for the assessment and removed following the assessment as applicable.

A key aspect of this role is also the understanding of cryptography, PKI and web application security. The Information Analyst will be responsible for managing keys and certificates within SecureKey environments, ensuring web application security controls are in place.

Candidate should have :

  • Strong scripting knowledge (bash, python, perl)
  • In-depth knowledge of IP, SSL, TLS
  • Understanding protocol analyzers (wireshark, tcpdump, etc.)
  • Understanding of cryptography, X.509 / PKI, cross certification
  • Understanding of OWASP Top10
  • Knowledge of network intrustion prevention / detection techniques
  • Knowledge of SIEM solutions and alert optimization
  • Working knowledge of openssl
  • Network and OS (Linux / Windows) hardening
  • Proficient in Linux shell environment
  • Advanced analytical and technical experience
  • Good communication (verbal and written) skills
  • Ability to assess and articulate risks to a system as a result of a suspected vulnerability, a proposed change or a compromise
  • Actively detect, respond to, and remediate security events across infrastructure
  • Work closely with oother members of the Informatin Security Team to improve the company’s network defense posture
  • Understanding of cyber threat vectors and coutermeasures
  • Understanding of webservers apache, tomcat and their architectures
  • Thorough understanding of securty threat landscape
  • Switches / Routers / Firewalls (Intermediate configuation)
  • Network / Systme Intrusion Detection or Prevention Systems
  • Strong working knowledge of TCP / IP networking / VPN, VLAN,NAT,and security concepts
  • Working Knowledge of Operatin System Software (Microsoft Windows Client and Server, Mac and Linus)
  • Security architectures and designs (E.g. SIEM, IDS / IPS)
  • Experience performing offensive assessments, penetration testing or vulnerability analysis
  • Have exposure to tools (Nessus, Burp, Nikto, Openvas, Metasploit) to scan system devices for vulnerabilities according to compliance policies
  • Knowledge of compliance standards such as PCI
  • Basic understanding of Docker Ansible and Jenkins
  • Understanding of Blockchain technology beneficial
  • Familiarity with ITIL or other recognized change management procedures
  • Ideal qualiifications :

  • University degree (BS / MS) in Engineering, Computer Science or equivalent
  • Familiarity with PCI DSS and SOC2 or other Relevent standard
  • Participation in compliance audits (working with assessors / audits and / or defining / implementating security controls in compliance with regulatory IS requirements)
  • Experience supporting a production environment
  • Security training / certifications an asset (ethical hacking, CISSP, CompTIA Security+, SecureNinja courses, etc.)
  • We are looking for a candidate that excels in a fast-paced and dynamic envionment; One who can hit the ground running and provide immediate value, and who can be articulate and decisive with recommendations.

    Be part of a high-performance team submit your resume to human.resources nullsecurekey.com.

    Apply
    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form