Senior Secret cleared IT Security Engineer to provide cyber security expertise on a major Navy initiative within National Defence
S.i. Systems
Ottawa, ON
Number of positions available: 1
Salary: To be discussed
Contract job
Published on December 21st, 2024
Starting date: 1 position to fill as soon as possible
Description
Our valued client is seeking a Senior IT Security Engineer for an initial contract until March 31, 2025.
As the successful candidate, you will support the modernization of the Naval Training System (NTS) through digital integration, enhancing the existing ecosystem for naval training with a cutting-edge software package, including improvements to the supporting hardware on a local level as necessary for full functionality. The project is looking at incorporating Artificial Intelligence (AI) and Deep Automation (DA) into its solutions.
Responsibilities:
- Review, analyze, and/or apply Federal, Provincial or Territorial IT Security policies, System IT Security Certification & Accreditation processes, IT Security products, safeguards and best practices, and IT Security risk mitigation strategies;
- Identify threats to, and vulnerabilities of, operating systems (such as MS, Unix, Linux, and Novell) and wireless architectures;
- Identify personnel, technical, physical, and procedural threats to and vulnerabilities of Federal, Provincial or Territorial IT systems;
- Develop reports such as: Data security analysis, Concepts of operation, Statements of Sensitivity (SoSs), Threat assessments, Privacy Impact Assessments (PIAs), Non-technical Vulnerability Assessments, Risk assessments, IT Security threat, vulnerability and/or risk briefings;
- Conduct Certification activities such as: Develop Security Certification Plans; verify that security safeguards meet the applicable policies and standards; validate the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents; verify that security safeguards have been implemented correctly and that assurance requirements have been met (this includes confirming that the system has been properly configured, and establishing that safeguards meet applicable standards); conduct Security Testing and Evaluation (ST&E) to determine if the technical safeguards are functioning correctly; and assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk;
- Conduct Accreditation activities such as: review of certification results in the design review documentation by the Accreditation Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with departmental and system security policies and standards and identify conditions under which a system is to operate (for approval purposes). This may include the following types of approvals:
  - Developmental approval by both the Operational and the Accreditation Authorities to proceed to the next stage in an IT system's life cycle development if sensitive information is to be handled by the system during development;
  - Operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards; or
  - Interim approval - a temporary written approval to process sensitive information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development; and
- Develop and deliver training material relevant to IT Security TRA and C&A;
- Brief senior management and review and provide comments related to IT Security TRA and C&A
Must-have:
- 10+ years experience as a Security Engineer (or relevant role) developing security reports (threat assessments, PIAs, risk assessments, etc.)
- 10+ years experience reviewing, analyzing, and/or implementing IT Security policies, system IT security certification & accreditation processes, IT security products, safeguards and best practices, or IT security risk mitigation strategies, within either the private or public sectors
- 10+ years experience conducting security certification and validation activities including developing certification plans, verifying security safeguards meet policies, etc.
- Active GoC Secret Clearance
- Relevant University and/or College Degree (Computer Science, Engineering, etc.)
- 6+ years experience reviewing certification results in design review documentation by the Accreditation Authority to ensure that a system will operate within Government of Canada (GoC) guidelines
- 6+ years experience incorporating and engineering AI/ML methods to increase security measures on a solution
- Relevant Certifications:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - ISACA Certification and Risk and Information Systems Control
  - ISO 27001 Lead Auditor Certification
Requirements
- Level of education: undetermined
- Work experience (years): undetermined
- Written languages: undetermined
- Spoken languages: undetermined