18 Jan
QLogitek
Mississauga
Job Overview
Reporting to the Compliance and Security Manager, the Information Security Analyst plays a key role in planning, implementing, upgrading, and monitoring security protocols for the protection of the organization’s computer networks and safeguarding of information.
Responsibilities
Penetration Testing:
Conduct Penetration & Vulnerability Tests : Perform thorough and methodical penetration testing on web applications, network infrastructures, and other systems to identify security vulnerabilities with automated tools and manual assessments. Conduct regular internal Red Team engagements.
Develop and Execute Test Plans : Design and execute detailed test plans.
Ensure penetration testing practices comply with relevant regulations, standards, and organizational policies.
Continuous knowledge update on industry best practices: Research and keep up to date with the latest security trends, vulnerabilities (cves), and tools to ensure testing methodologies are current and effective. Utilize latest technology to protect information.
Report Findings : Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.
Vulnerability Management:
- Assess and analyse security weaknesses and provide actionable recommendations to mitigate risks and improve overall security posture
- Communicate risk and collaborate with system owners, developers, and other teams to address security vulnerabilities to create closure plan, prioritize, and evaluate the solution after implementation
- Maintain corporate vulnerability board with vulnerability owners to ensure closure of all vulnerabilities within established SLAs
Risk & Security Management:
- Evaluate and assess potential security risks related to new and existing systems and technologies
- Assess cloud environments and applications specific configurations, access controls, and encryption mechanisms
- Validate various Cloud services for security issues such as, portal access, app services, databases, vms, and cloud storage (blob/buckets)
- Document security breaches and the extent of damage caused in detailed reports
- Install security software such as firewalls and data encryption programs, to protect sensitive information
- Monitor company’s networks for potential security breaches and investigate if such incidents occur
- Make recommendations to managers and senior executives on security advancements for optimal protection of company’s systems
- Develop a security plan that establishes best standards and practices for the company
- Assist co-workers with new program installations and provide guidance on security procedures as needed
Communication & Collaboration:
Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.
Create and communicate processes that could help teams meet remediation goals.
Qualifications
Knowledge and Experience:
- 10+ years of experience in technology and support
- 3+ years of experience in penetration testing
- Proficient in tools such as Kali Linux, Metasploit, Aircrack, Nmap, Burpsuite, ZAP, Curl, Nessus, Netsparker, Wireshark, etc
- Valid penetration testing certification such as CEH, PenTest+, GPEN, OSCP
- External client facing experience
- Strong knowledge in the security standard ISO 27001
- Proven experience performing successful penetration tests and red team assessments
- Proven experience with vulnerability assessment methodologies, tools and techniques used to conduct network vulnerability assessments and penetration testing
- Have an in-depth understanding of OWASP testing methodology, dynamic and static application security testing, re-engineering, automation, IDS/IPS systems, WAF, burp suite, Nmap, Nessus, Qualys, netsparker, Metasploit, etc
Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.