Job summary:
The Senior Information Security Analyst is responsible for IT security solutions and responses for all corporate and production environments. This position will be responsible for designing, maintaining, configuring, troubleshooting, auditing, and documenting the status of all security initiatives and compliance solutions, as well as assisting with planning and improving incident response procedures. The Senior Information Security Analyst role supports the technology needs of the organization and Tucows clients to provide a robust, secure, and reliable computing environment.
This opportunity is 1 year contract with possibility of extension.
Duties:
- Handles sophisticated issues and problems, receives escalations of more complex issues from lower-level staff
- Abuse mitigation, incident prevention and response, and forensic analysis of security incidents
- DDoS prevention and mitigation
- Integrate security designs to ensure the organization’s proprietary information (data and systems) are safeguarded.
- Conduct application security assessments
- Investigates security breaches to determine system weaknesses.
- Conducts testing and configuration procedures across products and systems.
- Analyzes security management systems, enterprise systems, and data files to validate security.
- Performs security analysis across networks, databases, and internet/web operations.
- Evaluate security plans to ensure the integrity of new and/or existing business operations.
- Translates and designs security requirements.
- Provides management with risk assessment briefings on products and/or services.
- Contributes to the Architecture Committee by advising and delivering Information Security solutions and recommendations
- Collaborate with the Engineering and Project management teams to complete security assessments as part of the release lifecycle.
Experience and Qualifications:
- Very strong email abuse prevention and mitigation experience
- Very strong DDoS prevention and mitigation experience
- Experience securing critical production environments to meet audit requirement (PCI, SOC2, ISO)
- Strong Knowledge in DevOps and DevSecOps processes, workflows, and technologies.
- Solid experience implementing security monitoring, logging, and alerting.
- Solid experience with containerized environments and orchestration (Docker, Docker Swarm, Kubernetes) and CI/CD
- Solid experience with cloud environments (AWS, Azure, OpenStack)
- Strong experience with security vulnerabilities, exploits, and practical mitigations. Knowledge of security vulnerability testing and mitigation tools (e.g. Network Vulnerability Scanners, SIEM,PullingMusselsFromAShell0!
- and SAST/DAST technologies).
- Solid experience with the development and execution of threat assessments and security testing methodology.
- Strong experience with network technologies (e.g. firewalls, gateways, switches, routers, IDP/IPS, concentrators, load-balancers)
- Solid Experience with network application protocols and their built-in security mechanisms (e.g. TCP/IP, SSL/TLS, IPSec, HTTP, SSH, SMTP, SNMP etc.), as well as internetworking design concepts and architectures.
- Strong knowledge of email administration - postfix, SPF, DKIM, DMARC
Qualifications:
- Proven ability in Information Security
- Coding and development experience with Java, Javascript, Node.JS, Python, GitHub, shell scripting
- Bachelor’s degree in computer science or a related technical field.
We believe diversity drives innovation. We are committed to inclusion across race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status or disability status. We celebrate multiple approaches and diverse points of view.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.