Infrastructure Security Analyst – City of Burnaby (Burnaby, BC)

Infrastructure Security Analyst

Competition No.: 2021-002
Duration: Temporary Full Time
Salary: $, plus competitive benefits
Last Updated: 1/20/21 10:22 AM

Description
As the third largest City in British Columbia, the City of Burnaby is committed to creating and sustaining the best quality of life for our entire community.  As a City, we provide facilities and services that support a safe, connected, inclusive, healthy and dynamic community.  With this in mind, comes great responsibility – we seek likeminded individuals who are passionate about the community, work with integrity and respect, and are innovative when it comes to the work and services Burnaby provides to our citizens.

The Infrastructure Security Analyst is a skilled technical role responsible for maintaining the security of the City’s Information Technology (IT) infrastructure while accessing confidential and sensitive systems. An incumbent investigates design, implementation, and operational flaws that could be used to exploit IT resources; participates in the design of Information Security solutions in accordance with industry standard best practices, regulatory guidelines and City policies; coaches and develops security practices and skills within IT and in business departments; performs assessment services including network security testing, application penetration testing, wireless assessments, host-based reviews and threat modeling; may act as project leader for matters related to hardening, certification, and accreditation of both new and existing IT systems, cloud adoption strategy and security. Performs related work as required.

Qualifications include completion of a two-year diploma course in computer sciences or related discipline at a technical institute or community college with specific courses related to communications and network systems, plus a minimum of two years of experience in Information Security specifically experience with hardening Windows and Linux/UNIX systems and experience with performing audits, security, vulnerability, penetration tests, assessments and evaluations, OR an equivalent combination of training and experience. This role requires considerable knowledge of: infrastructure security concepts, practices and techniques related to firewalls, IDS/IPS, AAA, secure network design, disaster recovery, penetration and vulnerability assessment, task organization, role segregation, role engineering and security-centric quality assurance; application security concepts including identity management, password management, RBAC; data protection policies, procedures and products, applicable privacy rules and regulations, data security, encryption, digital rights management and data loss prevention; systems security testing and evaluation methods; departmental policies, procedures and practices related to the work performed; the functions and operations of departments served and their requirements. The role requires the ability to: engage and communicate with a variety of audiences, both technical and non-technical; explain complex concepts, systems and technical topics to others who may have minimal technical knowledge using oral, written and visual presentations; establish and maintain effective working relationships with a variety of internal and external contacts, apply cybersecurity and privacy principles to organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation); conduct vulnerability scans and recognize vulnerabilities in security systems; assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, PCI, etc.); apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth); determine how a security system should work (including its resilience and dependability capabilities) and the impact of changes in conditions, operations, and/or the environment; participate in the development and refinement of the cyber operations objectives, priorities, strategies, plans, crisis action plans, and programs; work alone or in teams, with limited supervision in sometimes difficult circumstances while maintaining attention to detail; prepare and maintain a variety of records, statistics and documentation. Preference will be given to candidates with deployment and experience in cloud adoptions. The role also requires strong analytical and time management skills and skill in the use of software applications.

Candidates who apply by Friday February 5, 2021 will be given first consideration.

Copies of relevant professional certificates or degrees will be required at the time of the interview.

We thank all candidates for applying, but only those short listed will be contacted.

Apply to this position

EQUAL OPPORTUNITY EMPLOYER
Visit us at www.burnaby.ca

View Original Source Source