The Role

As a key member of our Cyber Resilience Team, the Senior Cyber Resilience Analyst role will be responsible for the delivery of eSentire Managed Vulnerability Service (MVS) including testing and assessment of customer network infrastructure and applications. Activities will include but are not limited to vulnerability assessments, evaluating information security controls and solutions, detailed reporting, and providing remediation recommendations for identified issues. The role will also provide subject matter expertise in areas of network security, application security, attack & defense techniques and countermeasures, supporting both external and internal Clients.

Requirements

• University Degree or College Diploma in Computer Sciences, Information Technology or a related field or equivalent combination of education and experience
• Minimum of 5+ years of information security experience in either testing or consulting roles
• Technical knowledge of security industry best practices and procedures
• Understanding of UNIX and Windows-based operating systems, networking, firewalls and the TCP/IP protocol suite is required
• Understanding of security assessment frameworks and procedures, including following industry best practice methodologies for penetration testing (e.g., OWASP guidelines).
• Demonstrated experience running and managing network and application vulnerability scanning and assessment tools
• Provide support for Sales and Technical Pre-Sales opportunities in collaboration with eSentire’s Sales team
• Collaborate with the security research teams across the company to improve the quality of service delivered
• Excellent verbal and written communication skills including the ability to write clear and concise assessment reports
• What experience would be useful in this role?
• Experience with deploying and utilizing vulnerability assessment tools:
• Network, endpoint and web application scanners
• Enterprise vulnerability management platforms (e.g. Tenable, Rapid7)

Desired

• Project management experience related to information security assessment projects.
• Knowledge of security compliance policy, programs, processes, and metrics.
• Non-vendor specific certifications such as:
• Any GIAC security certification
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Risk Management Professional (CRMP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Information Systems Security Management Professional (ISSMP)
  • System Security Certified Practitioner (SSCP)
• Some scripting & programming knowledge is an asset.
• Vulnerability assessment experience in OT environments is an asset.