Share this Job
Apply now »

Senior Information Security Engineer

Title: Senior Information Security Engineer 

Company: Coast Capital Financial Management 

Location: British Columbia (CA-BC), Help Headquarters  

Job Type: [[jobType]] 

Posting End Date:  

 

Together, we help empower you to achieve what’s important in your life.

 

What’s the job?

The Senior Information Security Engineer is responsible for leading technical security design and security controls implementation for various corporate/business projects and security maturity initiatives.. The Senior Information Security Engineer is also responsible for leading the technical security assessments, collaborating with various project team members and driving the completion of security onboarding and risk acceptance activities.

 

 

What you’ll get to do:

  • Lead and provide security subject matter expertise in the planning & implementation in the technical design and build of security elements for the organization.
  • Participate in the development of CICD pipeline and maturity of DevSecOps processes.
  • Participate as part of the Change Advisory Board and/or designated approver in the review of major or significant changes as it pertains to the confidentiality, integrity, and availability of the production infrastructure.
  • Responsible for the development and configuration of SIEM and/or other security components in the alerting, analysis, and reporting of security events.
  • Follow up and regularly report on the remediation activities and progress made by the applicable ITG teams in the identified vulnerabilities and risks
  • Regularly, as well as where material changes to the production environment occur, review and assess all IT systems and infrastructure components to provide assurance of their proper and secure configuration and operations.
  • Contribute to developing applicable and relevant metrics to measure the efficiency and effectiveness of the  security program in order to improve and mature the security posture within the organization.
  • Maintain knowledge and skills in order to stay current on emerging threats and issues, trends and technology solutions.
  • Provide risk analysis in the technical aspects of applications and infrastructure to ensure adequate levels of security are deployed at the system level.
  • Provide technical expertise, support and training to staff on security practices.
  • Lead in the identification of potential vulnerabilities within systems, networks, DBs, applications and recommend suitable controls and countermeasures to mitigate such vulnerabilities.
  • Review the implementation and operation of security systems and their corresponding or associated software to ensure they operate as designed.
  • Coordinate regulatory and other audit requests with applicable ITG and business teams, as required.
  • Perform specialized security penetration testing or vulnerability assessment testing, where and when required.
  • Provide guidance to other IT operational teams around cyber threats and potential technical and non-technical mitigating controls.

 

 

Who are we looking for?

  • Minimum 7 – 9 Years of Job Related Experience
  • Degree or a diploma requiring 3 - 4 years of full-time study.
  • Certifications such as CISSP, CISA, GSEC, OSCP are preferred.
  • Expertise with SAST & DAST security tools and OWASP Testing Methodologies..
  • Expert working knowledge of systems and application development, system integration, Waterfall/Agile methodologies, IT best practices, and information security standards.
  • Expert hands-on and understanding of technical and administrative controls for web, application, client/server, database and network security controls with previous hands on experience.
  • Extensive experience in risk assessments and identification of control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
  • Expertise in security and compliance audits, internal/external penetration analysis, and vulnerability research.
  • Extensive experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and
  • Broad based proficiency and some in-depth advanced knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.
  • Hands-on experience with Microsoft enterprise level products and Unix/Linux based environments and technologies.
  • Proficient through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.
  • Advanced working knowledge and in the application of ISO 27001/2, COBIT, and ITIL. Proficiency with NIST, SABSA, TOGAF, and other industry best practices would be an asset.
  • Proficient to advanced, along with knowledge of legislation and regulations affecting information security and the financial industry, such as INTERAC, FICOM, OSFI, BC PIPA / PIPEDA, and PCI-DSS. Experience with and knowledge of INTERAC, FICOM, and
  • Member of local information security or assurance community would be an asset.
  • Excellent written and oral communication skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Superior analytical, evaluative, and problem-solving abilities. 

Why join Coast Capital Savings?

 

We don’t mean to toot our own horn, but…

 

  • We improve Canadians’ financial well-being through providing simple financial help.
  • Employees do what’s best for our members. Every day.
  • We believe in being a great corporate citizen so we invest in our local communities by donating our time, money and expertise.
  • Our employees take advantage of the many opportunities to grow their careers.
  • Employees love having a cool place to work with modern LEED certified offices and being recognized with a virtual (and, at times, an actual) high-five.
  • Our inspiring leaders help our employees develop their talents and encourage them to be their fabulous selves.
  • We have a unique culture where we take our business seriously, but ourselves, not so much.
  • We are a Certified B Corp®. Our certification reflects our strong commitment to social and environmental performance, accountability, and transparency.
  • In 2019, we earned double kudos by being named one of BC’s Top Employers and one of Canada’s Best Managed Companies – two of the nation’s most coveted business awards, may we add.

 

Does this position inspire you?  If so, apply today at Coast Capital Savings. 

Apply now »