Intermediate (secret cleared) IT Security Vulnerability Analysis Specialist to support ongoing initiatives related to the department's security policies and directives

Our valued public sector client is looking for an intermediate (secret cleared) IT Security Vulnerability Analysis Specialist to support ongoing initiatives related to the department's security policies and directives

Tasks include:

• Review, analyze, and/or apply
  • Threat agents’ analysis tools and other emerging technologies including privacy enhancement, predictive analysis, data visualization and fusion
  • War dialers, password crackers
  • Public Domain IT vulnerability advisory services
  • Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & NMap
  • Networking Protocols (HTTP, FTP, Telnet)
  • Internet security protocols such as SSL, TLS S-HTTP, S-MIME, IPSec, SSH, TCP/IP, UDP, DNS, SMTP, SNMP
  • Wireless Security
  • Intrusion detection systems, firewalls and content checkers
  • Host and network intrusion detection and prevention systems - Anti-virus management
• Web application software scanning
• Static Application Security Testing &/or Dynamic Application Security Testing
• Code Reviews, manual and automated, specifically for:
  • .NET
  • Java
  • JavaScript
• Identify threats to, and technical vulnerabilities of, networks, web servers, web application servers, database servers, and associated software running on these servers.
• Conduct on-site reviews and analysis of system security logs under direct supervision of Government of Canada management and staff.
• Collect, collate, analyze and disseminate public domain information related to networked computer threats and vulnerabilities, security incidents and incident responses
• Completed tasks directly supporting the departmental Cyber Security Program
• Conduct web application security vulnerability tests based on the OWASP Top Ten vulnerabilities, covering attacks such as SQL Injection, Cross Site Scripting (XSS), and Insecure Configurations.
• Develop and deliver training material relevant to Web application development security in the Government of Canada context
• Provide detailed reporting and interpretation on vulnerability test and penetration test results
• Develop recommendations for improved security methods
• Perform enterprise-wide detection of server configuration changes using automated tools such as Tripwire
• Specific tasks will be identified in each validly issued TA

Must have:

• Secret clearance
• Prior experience performing vulnerability scans and security testing for a secure public cloud computing environment, service or solution for a public sector organization
• A certification relevant to cyber security