Information Security Analyst — Cybersecurity  

The Information Security Analyst will act as a cybersecurity technical expert and implement practices to ensure information security and sound IT governance. The analyst will advise department leaders in order to protect the personal information of our customers, staff, and suppliers, and sit on the Cybersecurity Committee and the Computer Emergency Response Team (CERT). 

The technological environment:
Our infrastructure processes several billion web requests a month and is one of the largest e-commerce platforms in the country. The Information Security Analyst will work on the Linux and Windows systems, as well as platforms such as Ansible, Cloudflare, Oracle ATG, Amazon Web Services, Docker, and UCS Manager. Our environment includes a national IP network and multiple world-class data centres. 

Responsibilities: 

• Participate in various technological projects as part of the organization's digital transformation. 
• Coordinate intrusion testing and follow up on implemented patches. 
• Coordinate purple teaming activities. 
• Validate submissions from our responsible vulnerability disclosure program (Bug Bounty) and ensure an appropriate response to them. 
• Analyze risks and privacy impact assessments (PIAs). 
• Implement processes to ensure sound identity and access management (IAM). 
• Strengthen the systems' authentication and authorization processes by rolling out robust authentication mechanisms. 
• Analyze and configure security equipment such as firewalls, intrusion detection systems, WAF, vulnerability scanners, anti-virus and anti-spam software. 
• Analyze security tool configurations and make improvements where necessary. 
• Participate in the cybersecurity incident management. 
• Monitor developments in the technology security sector. 
• Take part in the vulnerability management process. 
• Collaborate with security service providers. 
• Perform any other related information security duties. 

Requirements: 

• Bachelor's degree in Computer Science, Software Engineering, IT Engineering, Electrical Engineering, or any other relevant training and/or experience. 
• Good knowledge of operating systems' security models and major cloud platforms. 
• Excellent knowledge of current web vulnerabilities (OWASP Top 10). 
• Good knowledge of modern authentication mechanisms (MFA, SAML, OIDC, WebAuthn, etc.). 
• Excellent understanding of the public key infrastructure (PKI). 
• Basic programming knowledge. 
• Great team player and good communication skills. 
• Rigour and meticulousness. 
• One or more recognized certifications in the cybersecurity industry (CISSP, CEH, OSCP, CCNA Security, CompTIA Security+, etc.)—an asset. 
• Experience using Cisco products (Catalyst, Nexus, Firepower, Umbrella, Duo, ISE, etc.)—an asset. 
• Knowledge of security frameworks (PCI-DSS, NIST, ISO27001)—an asset. 
• Be able to speak and write in English and French to communicate effectively with French- and English-speaking stakeholders and to work on projects, systems, and tools in English.

Benefits: 

• Flexible hours and the possibility to work from home two days a week. 
• Employee and Family Assistance Program. 
• Telemedicine service. 
• Group insurance plan and RRSP. 
• Up to 40% off your Simons purchases. 
• Collaborative workspace that fosters connections between teams. 
• Spacious offices. 
• Bright and comfortable break areas. 
• Training area with changing rooms and kinesiology services. 
• Cafeteria service offering an extensive and affordable menu. 
• Access to an online technical training platform for continuous learning. 
• Financial contribution for completing eligible certification exams (CISSP, CEH, GSEC, and any other certification deemed relevant to perform your duties). 
• Financial contribution for participating in cybersecurity events. Opportunity to attend international events and diversify your network of contacts in the field. 

Apply online by filling out the form below to take advantage of this career opportunity.