20 Jan
QLogitek
Mississauga
Job Overview

Reporting to the Compliance and Security Manager, the Information Security Analyst plays a key role in planning, implementing, upgrading, and monitoring security protocols for the protection of the organization's computer networks and safeguarding of information.

Responsibilities

Penetration Testing:
- Conduct Penetration & Vulnerability Tests: Perform thorough and methodical penetration testing on web applications, network infrastructures, and other systems to identify security vulnerabilities with automated tools and manual assessments. Conduct regular internal Red Team engagements.
- Develop and Execute Test Plans: Design and execute detailed test plans. Ensure penetration testing practices comply with relevant regulations, standards, and organizational policies.
- Continuous knowledge update on industry best practices: Research and keep up to date with the latest security trends, vulnerabilities (CVEs), and tools to ensure testing methodologies are current and effective. Utilize the latest technology to protect information.
- Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.

Vulnerability Management:
- Assess and analyse security weaknesses and provide actionable recommendations to mitigate risks and improve overall security posture
- Communicate risk and collaborate with system owners, developers, and other teams to address security vulnerabilities, create a closure plan, prioritize, and evaluate the solution after implementation
- Maintain corporate vulnerability board with vulnerability owners to ensure closure of all vulnerabilities within established SLAs

Risk & Security Management:
- Evaluate and assess potential security risks related to new and existing systems and technologies
- Assess cloud environments and application-specific configurations, access controls, and encryption mechanisms
- Validate various cloud services for security issues, such as portal access, app services, databases, VMs, and cloud storage (blob/buckets)
- Document security breaches and the extent of damage caused in detailed reports
- Install security software, such as firewalls and data encryption programs, to protect sensitive information
- Monitor the company's networks for potential security breaches and investigate if such incidents occur
- Make recommendations to managers and senior executives on security advancements for optimal protection of the company's systems
- Develop a security plan that establishes best standards and practices for the company
- Assist co-workers with new program installations and provide guidance on security procedures as needed

Communication & Collaboration:
- Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.
- Create and communicate processes that could help teams meet remediation goals.

Qualifications

Knowledge and Experience:
- 10+ years of experience in technology and support
- 3+ years of experience in penetration testing
- Proficient in tools such as Kali Linux, Metasploit, Aircrack, Nmap, Burp Suite, ZAP, Curl, Nessus, Netsparker, Wireshark, etc.
- Valid penetration testing certification such as CEH, PenTest+, GPEN, OSCP
- External client facing experience
- Strong knowledge in the security standard ISO 27001
- Proven experience performing successful penetration tests and red team assessments
- Proven experience with vulnerability assessment methodologies, tools and techniques used to conduct network vulnerability assessments and penetration testing
- Have an in-depth understanding of OWASP testing methodology, dynamic and static application security testing, re-engineering, automation, IDS/IPS systems, WAF, Burp Suite, Nmap, Nessus, Qualys, Netsparker, Metasploit, etc.