Talent.com
Information Security Engineer III - Daily

Information Security Engineer III - Daily

Axelon Services CorporationMontreal, QC
Il y a plus de 30 jours
Salaire
88152.35 CAD– 100665.3 CAD par an
Description de poste

Job Tittle : Information Security Engineer III

Location : Montreal, QC

MAIN RESPONSIBILITIES

Responsibilities include but are not limited to :

  • Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
  • Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to BNP’s environment and determine appropriate mitigating controls.
  • Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon BNP’s policies and standards.
  • Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
  • Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
  • Review and / or escalate exception requests submitted to the VM team
  • Using a risk based approach, analyze BNP’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
  • Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
  • Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

REQUIREMENTS TRAINING AND OCCUPATIONAL EXPERIENCE

  • in Computer Science or equivalent field
  • CISSP, CISM or similar industry certification
  • years of experience in Vulnerability Management or related field

    • ESSENTIAL SPECIFIC REQUIREMENTS

  • Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative / positives identification & elimination
  • Strong knowledge of Qualys, Nexpose or Nessus including configuration and maintenance, scan execution, agent deployment and oversight
  • Experience of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
  • Experience Security Standards / Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO &).
  • Experience of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
  • Previous experience working in large-scale environments with diverse technologies is a must.
  • Knowledge of scripting languages desired

    • SKILLS AND BEHAVIOURS

  • Analytical skills
  • Strategic vision
  • Rigor & Accuracy
  • Flexibility
  • Communication skills
  • Collaboration
  • Self-driven
  • Team player