Senior Security Analyst to perform Technical Vulnerability Assessments and provide ad-hoc application-level testing for a financial enterprise client

Job Type: Contract
Positions to fill: 1
Start Date: Jan 09, 2023
Job End Date: Jan 08, 2024
Pay Rate: Hourly: Negotiable
Job ID: 125308
Location: Montreal, Ottawa, Toronto
Our valued financial client is seeking a Senior Security Analyst to perform Technical Vulnerability Assessments and provide ad-hoc application-level testing!

Initial 1-year contract in Ottawa, ON (Hybrid - 3 days of on-site work required per month). This role has a strong chance to be extended for up to a maximum term of 3 years. 

  • Perform Technical Vulnerability Assessments (TVAs) related to new or redesigned information technology systems following internal TVA methodology and template
  • Perform ad hoc vulnerability scanning of internal systems to support both TVAs and continuous vulnerability management program using available vulnerability scanning tools whilst following approved scanning practices
  • Provide ad hoc application-level testing and briefing notes as part of due diligence. Due diligence activities may include installation of application in lab environment, automated and manual testing to identify malicious or highly vulnerable components
  • Participate in developing a security test plan and technical testing
  • Assist documenting and assessing network zones and equipment, servers, operating systems, databases, mobile devices, peripherals, thick client applications, web applications, appliances, virtual infrastructure, and end-to-end solutions
  • Respond to security incidents to support investigating teams and provide information on bank devices, their patch level, and any vulnerabilities that may exist
Must-have Skills
  • 3+ years of experience with Security Vulnerability Assessments or Penetration Testing
  • Demonstrated experience with Common Vulnerability Scoring System (CVSS) version 3.1 ratings arrived at the official CVSS Calculator. 
  • Demonstrated knowledge of vulnerability management tools such as Nexpose, insightvm, nessus, qualysguard, openvas, IBM appscan, Netsparker, Acunetix etc.
  • Demonstrated experience with Azure, O365, IoT, WebApps, VMWare, Networking grear, API security and DevSecOps
  • Demonstrated experience assessing/securing any of the following: applications, virtual infrastructure, cloud infrastructure, network zones, equipment servers, databases, mobile devices, peripherals, thick client applications, applicances, and end to end solutions
Nice-to-have Skills
  • Relevant certifications (CISSP, Azure Fundamentals, Security +, CCSA, CISA, GCCC, GCED or equivalent)
  • Demonstrated experience working within multi-tier enterprise environments