Position: Security Analyst – Platform Team
Location: Richmond Hill, ON
An ideal candidate is a hands-on self-starter with 5+ years of experience in software/IT with a focus on security. This role will require wearing many hats, from creating corporate policies to performing penetration tests of a SaaS environment. The candidate should have a deep understanding of the security needs of designing and implementing enterprise-grade N-Tier Web Applications designed for high performance, scalability, security and reliability.
Degree in Computer Science, Software Engineering or a comparable university-level program. At least 5 years’ experience in web-based software products.
1. Transition our SaaS product from using a cloud-based PCI platform to being PCI DSS Level 1 certified. Maintain PCI DSS compliance going forward.
2. Create and lead a PCI compliance team that spans various departments.
3. Contribute to strategies and policies related to security, security operational planning, incident response plans, risk mitigation and business continuity planning.
4. Contribute to product backlog with security stories. Establish Security and Privacy Requirements. Create threat models that can be used to define requirements.
5. Provide first-line subject-matter-expert advice on pervasive information security standards, policies and processes, world-class information security standards, and major regulations in the industry.
6. Provide a security focused voice to user stories during planning meetings.
7. Audit the current system, looking for security weak points in both code and infrastructure.
8. Perform penetration testing.
9. Perform attack surface analysis and reduction.
10. Work with clients/Project Management team to determine security best practices.
11. Train developers/QA on how to look at the system from a security point of view.
12. Create a process to monitor logs and alert administrators when security issues arise.
• Experience in assessing and moving a company/product to become PCI compliant.
• Experience with vulnerability assessment tools such as Metasploit, Nessus, Nikto, BeEF, Backframe Attack Console.
• Expertise in cyber security solutions including NetWitness, FireEye, Damballa, etc.
• Must have strong knowledge of IT Security Systems.
• Knowledge of the Microsoft Windows Server platform, including IIS, WCF, COM+ and MSMQ.
• Knowledge of Microsoft SQL Server.
• Knowledge of network communication using TCP/IP protocols, system administration, understanding of malware, knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch).
• Excellent verbal and written communication skills.
• Must be able to explain security concepts to non-technical users such as customers and internal stakeholders.
• Experience with other eCommerce Products, Order Management Systems (OMS), etc.
• Experience with payment gateways or other systems that interact with credit card information.
• CISA / CISSP accreditation is desired.
• ITIL certification is desired.