IT Security Design Specialist – Senior

QUALIFICATIONS:

• 10+ years of relevant experience OR a university degree in a related business or technology discipline.
• A valid Government of Canada secret clearance.
• One of the following certifications: CISSP/CISM/CISA/CRISC/CCFP/SSCP/ITIL/ISSAP/SSCP/CompTIA +/GIAC
• A diploma/certificate/degree in one of these following fields: Networking, Computer Systems, Computer Science or Electrical Engineering.
• 12+ months of experience, within the last 5, preparing briefings for and making presentations to Executive Management.
• Experience, within the last 5 years, working with Government of Canada standards, policies, and guidelines to deliver IT Security service that meets Communication Security Establishment Canada standards.
• Experience, within the last 5 years, in developing Statements on Sensitivity, Asset Categorization, Threat Modeling, Business Needs for Security, and Statements of Acceptable Risk.
• Recent experience validating the following: IT security controls (ITSG33- based) and applicable safeguards, Assessment of mitigation strategies, Assessment of residual risk.
• 48+ months of experience performing each of the following IT Security tasks:
  • Analysis of IT Security tools and techniques
  • Analysis of security data and provision of advisories and reports
  • Preparation of technical reports such as requirement analysis, options analysis, technical architecture documents, mathematical risk modeling
  • Security architecture design and engineering support

RESPONSIBILITIES:

• Review, analyze, and/or apply: Architectural methods, frameworks, and models such as TOGAF , US government FEAP , Canadian government BTEP and GSRM , Zachman, UMM
• Review, analyze, and/or apply a broad range of security technologies including multiple types of systems and applications architectures, and multiple hardware and software platforms, including:
  • Directory Standards such as X.400, X.500, and SMTP
  • Operating Systems such as MS , Unix, Linux, and Novell
  • Networking Protocols (for example, HTTP , FTP , Telnet)
  • Network routers, multiplexers and switches
  • Domain Name Services ( DNS ) and Network Time Protocols (NTP)
• Review, analyze, and/or apply Secure IT architectures, standards, communications, and security protocols such as IPSec , SSL , SSH , S-MIME , HTTPS
• Review, analyze, and/or apply IT Security protocols at all layers of the Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) stacks
• Review, analyze, and/or apply The significance and implications of market and technology trends in order to apply them within architecture roadmaps and solution designs. (examples: web services security, incident management, identity management)
• Review, analyze, and/or apply Best practices and standards related to the concept of network zoning and defence in-depth principles
• Review, analyze, and/or apply IT Security protocols at all layers of the Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) stacks
• Analyze IT Security statistics, tools and techniques
• Analyze security data and provide advisories and reports
• Prepare technical reports such as requirement analysis, options analysis, technical architecture documents, mathematical risk modeling
• Prepare tailored IT Security alerts and advisories from open and closed sources
• Complete tasks directly supporting the departmental IT Security and Cyber Protection Program