Information Security Engineer III

Job Tittle : Information Security Engineer III

Location : Montreal, QC

MAIN RESPONSIBILITIES

Responsibilities include but are not limited to :

• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
• Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to BNP’s environment and determine appropriate mitigating controls.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon BNP’s policies and standards.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner;

across traditional infrastructure and in cloud environments.

• Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
• Review and / or escalate exception requests submitted to the VM team
• Using a risk based approach, analyze BNP’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
• Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

REQUIREMENTS TRAINING AND OCCUPATIONAL EXPERIENCE

• in Computer Science or equivalent field
• CISSP, CISM or similar industry certification
• years of experience in Vulnerability Management or related field

ESSENTIAL SPECIFIC REQUIREMENTS

• Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative / positives identification & elimination
• Strong knowledge of Qualys, Nexpose or Nessus including configuration and maintenance, scan execution, agent deployment and oversight
• Experience of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
• Experience Security Standards / Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO &).
• Experience of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
• Previous experience working in large-scale environments with diverse technologies is a must.
• Knowledge of scripting languages desired

SKILLS AND BEHAVIOURS

• Analytical skills
• Strategic vision
• Rigor & Accuracy
• Flexibility
• Communication skills
• Collaboration
• Self-driven
• Team player
30+ days ago