Cyber Security Consultant
Cyber Security Consultant
Region: Greater Toronto Area
Employment Type: Contract
Security Clearance: No Clearance Required
Language Requirements: English
Job Reference Number: 37492-KC
As a Cyber Security consultant for various clients, you will enable clients to operate securely. The consultant will be able to identify, assess, protect, prioritize, communicate, and respond to vulnerabilities and threats across the infrastructure and applications of the company’s ecosystem. The candidate will also be expected to develop new strategies, processes, best-practices, and tools that contribute to the cyber security process. The ideal candidate will have good general knowledge of security concepts, significant experience, and proven expertise in both application and infrastructure assessments.
As a consultant, you possess technical leadership and consulting expertise. From the point of strategic decision making down to project planning and execution, you have had the previous responsibility of presenting findings and recommendations to all levels within the company.
What you will be doing:
- Provide penetration testing assessments and application security consultations across various platforms
- Coordinate with business and engineering stakeholders to develop requirements and a plan to implement security service enhancements
- Develop automation strategies
- Coordinate and evaluate 3rd party vendors and internal engineering organization to develop integration solutions and automation requirements
- Coordinate with DevOps team members to ensure security projects and activities are completed on time and with minimal impact to the business
- Conduct research on emerging security technologies, products and services
- Conduct TRAs and HTRAs
- Provide architectural consulting expertise, direction, and assistance to Business Systems Analysts, Business Solutions Architects, Infrastructure team, and Application Developers.
- Provide technical leadership for Threat Assessment and response.
- Accountable for Cyber Intelligence and Response Lifecycle.
- Identify potential sources of application security risk, prioritizing them based on risk impact.
- Developing and documenting multiple options for revised IT architectures and changes to the technology portfolio, with recommendations for security optimization
- Provide guidance on Threat Assessment and Response initiatives in alignment with the strategic and operational objectives of the technology organization and the business.
- Developing, documenting, communicating and enforcing a technology standards policy.
- Designing, developing and overseeing implementation of end-to-end integrated security systems.
- Identifying where change is required (development of a Gap mitigation plan) in order to keep the Security Architecture vital, sustainable and ready to support business capabilities.
- Ensuring alignment between different domains of IT architecture.
- Assess information security environments for architectural deficiencies and effectiveness of existing technical, operational, and management controls and safeguards;
- Prepare detailed written reports of a high standard and communicate your findings and recommendations effectively both orally and verbally;
- Analyze and recommend remediation strategies that will address each vulnerability and mitigate risks while considering client constraints;
- Provide technical information security advice to internal stakeholders with regard to technology projects in order to ensure that security is considered and applied prior to deployment in line with relevant SDLC processes.
Experience you bring:
- University degree in Computer Science, Engineering, Mathematics or a related disciple.
- 7+ relevant experience in Security, infrastructure, and/or application design
- Experience conducting or supporting IT Audits, TRA and HTRA and ISF IRAM2 and Security assessment methodologies, practices and frameworks
- Experience in security systems, executing extensive pentests with various tools, Kali, VPN and SSO technologies, Qualys security scanner, Threat Management, IPS, IDS, code release automated security testing, tools for security alerts, Linux security hardening experience
- Experience with AWS services as Cloud Watch, AWS Inspector, AWS GuardDuty
- Hands-on experience with common security tools and products (e.g. IDS/IPS, NGFW, WAF, SIEM/Log management, auditing/vulnerability assessment, forensics)
- Experience with HIPAA, PCI-DSS, or similar regulations preferred
- Hands-on experience with business requirements gathering and analysis.
- Extensive experience developing Cyber attack scenarios and simulations.
- Knowledge of security standards (ISO 27001/2, NIST 800-53, IEC 62443, etc.) frameworks (NIST Cybersecurity, COBIT, ITIL, etc.) and regulations
- Proven project planning and management experience.
- Good understanding of the architectural principles of cloud-based platforms including IaaS, PaaS and SaaS.
- Time management skills, ability to meet deadlines
- Ability to function in a fast-paced, flexible environment
- Expertise on project and software development lifecycle, gates and process oriented
- Ability to make public presentation and demonstration to customers
- Excellent knowledge of security and risk management trends as well as emerging threats and vulnerabilities;
- Expert knowledge of security controls and countermeasures (defense in depth) including practical experience with identity management, cyber-security and IT processes / solutions;
- Excellent knowledge of application development methodologies (Agile, Waterfall, Dev Ops) and the processes and practices used to secure them;
- Strong leadership and facilitation skills with an ability to build relationships with stakeholders;
- Highly self-motivated, self-directed and attentive to detail;
- Ability to thrive in a fast-moving environment, with high tolerance for change;
- Effective reporting and presentation of risk assessment findings and risk mitigation recommendations through formal and structured documentation;
- Good knowledge of networking, VPNs, VLANs, NAT, switching and routing, and related network security concepts;
- Knowledge of malicious software techniques and defenses;
- Excellent verbal and written communication skills;
Nice to Have:
- Good understanding of Secure SDLC and Secure DevOps is an asset.
- Experience in CI/CD is an asset.
- CISSP, Linux, AWS, A+, Network+, MCP, MCSE, MCITP, or a similar certification preferred
- Azure AD and other cloud services, Office365, RMS (Rights Management Services), Windows as Service, popular Operating Systems (Windows, Solaris, Linux, Unix, Mac OS);
- Knowledge of SIEM tools and Firewalls
Other Additional Comments:
Are you an ADGA employee or consultant? If so, check out our new referral program!
ADGA Group Consultants Inc. has policies and procedures in place to support its employees with accommodation requirements throughout the organization.
Accommodations are available on request for candidates taking part in all aspects of the selection process. If accommodation is required, it is requested that you contact ADGA’s Accessibility Officer.