Sr IT Security Engineer to analyze and develop IT security solutions for GC infrastructure

The Government of Canada (GC) is continuing to make great strides in becoming a digital-first organization.

The organization is looking to improve the GC Information Technology (IT) infrastructure and the user experience by consolidating, modernizing, and standardizing where possible. Priorities to support the delivery of government-wide digital transformation include:

• Ensuring the Government’s network is secure, fast and reliable.
• Providing public servants, the digital tools they need and that support a modern workplace.
• Helping to ensure the health of government systems and the modernization of applications by moving data to the Cloud or modern data centres; and
• Enabling government-wide transformations through the creation of standards, revised services, and a new funding model.

Infrastructure Security Operations (ISO) is responsible for planning, designing, building, operating and maintaining effective, efficient and responsive cyber and IT security infrastructure to protect GC data and technology assets. ISO delivers technical safeguards that protect the government network systems and services by detecting and preventing unauthorized access, misuse, modification and denial of network-accessible resources and data. ISO provides protection through perimeter/border defense services, intrusion detection and prevention services, wired/wireless protection services and web filtering services. End-point protection and security monitoring are done through anti-virus/malware services, end-point management services, event logging and auditing services, and compliance threat and vulnerability assessment infrastructure services.The ISO directorate also provides enterprise-level authentication services to both GC employees and external client communities such as Canadian citizens and businesses. Enterprise Mandated Services comprise Internal and External Credential Management, Government of Canada Internal Credential Management services, Management of Identity, Credential Authentication, and Public Key Infrastructure.

Tasks:

• Analyze existing services; propose, design, develop and implement improved overall systems design user experience, security controls, safeguards in accordance with government policies and standards
• Analyze IT Security Infrastructure and services statistics including security log analysis and other systems operational logs and events analysis).
• Analyze IT Security Infrastructure tools and techniques.
• Analyze data and provide advice and reports.
• Assist in implementation strategies
• System and subsystem solution designs compliant with policy, business, security, operational and support requirements.
• Detailed system and subsystem technical, development, integration, interface and build documentation
• Functional and technical test plans, test cases and test results documentation
• Technical collateral for cost/benefit analysis and proposals
• Detailed root cause analysis documentation; Detailed Change Request technical analysis documentation; and Operational collateral
• Conduct systems integration and development of selected services, sub-services, and applications
• Documentation: structured analysis and recommendations, weekly status reports, installation procedures, build books, maintenance procedures, business requirements analysis, network topologies, specifications and standards, design documentation, solution and implementation requests, support procedures, backup and restore procedures, etc.
• Deliver design and prototypes for the delivery of new service offerings.
• Identify the technical threats to, and vulnerabilities of networks and systems.
• Directory, authentication, and authorization protocols such as LDAP, Kerberos, SAML, OpenID Connect, or any future security authentication protocols
• Identity Management processes, best practices, standards, policies and supporting technologies
• Operating Systems such as Windows, Unix and Linux
• Networking Protocols such as HTTP, FTP, and Telnet
• Secure IT architectures fundamentals, standards, communications, and security protocols such as IPSec, IPv6, SSL, and SSH
• IT Security protocols at all layers of the Open Systems Interconnection (OSI) and Transmission Control
• Protocol/Internet Protocol (TCP/IP) stacks
• Domain Name Services (DNS), DHCP and Network Time Protocols (NTP)
• Network routers, multiplexers, and switches
• Application, host and/or Network hardening and security best practices such as shell scripting, service identification, and access control
• Intrusion detection/prevention systems (HIDS/HIPS), Network-based Intrusion Defence Systems, malicious code defence, file integrity, Enterprise Security Management, Security Information and Event Management (SIEM) Systems and/or firewalls
• Data Parsing
• Wireless technology
• Cryptographic Algorithms
• Manage the IT Security configuration.
• Monitor and develop reporting for system utilization and performance metrics.
• Perform lab testing to evaluate fixes, new features, and system interoperability.
• Prepare technical reports such as IT Security Solutions option analysis and implementation plans.
• Provide cross training and knowledge transfer to other support personnel.
• Provide engineering support through planning and implementing complex changes in large scale multi-tenant networked environments.
• Provide Independent Verification and Validation (IV&V) support to IT Security related projects.
• Provide network security expertise on multi-disciplinary project teams to develop design alternatives.
• Provide operational support for firewalls / VPNs / web content filtering infrastructure by performing change.
• Review perimeter security requirements and develop cost effective responses.
• Review, assess, develop alternatives, and recommendations for perimeter security approaches, technology, and processes.
• Provide expertise as well as design and implement solutions including Directory Technologies, Directory ETL systems, Authentication and Authorization Systems, Identity Management Systems, Credentials Management systems as well as business applications integrations.

Apply