Cyber Threat Engineer - Vulnerability Management

Raymond James Ltd. - Burnaby, BC (30+ days ago)

Apply Now

Raymond James Ltd. is seeking a Cyber Threat Engineer to work in our Burnaby office.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, Raymond James trusts the Cyber Threat Center (CTC) with ensuring all equities are secure against all tiers of cyber adversaries. We are the central hub for Computer Network Operations and are on the front lines of vulnerability management, security incident response, threat hunting, and intelligence. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.

Responsibilities:

  • Serve as a primary member of the Cyber Threat Center (CTC) to define, implement, and manage the Enterprise Information Security Vulnerability Management Program through the identification and analysis of known and newly found vulnerabilities at Raymond James.
  • Lead vulnerability management projects and act as a vulnerability technical expert.
  • Assesses vulnerabilities for their impact and potential mitigation.
  • Report on vulnerabilities and drive remediation efforts across the enterprise.
  • Guide, review, and document internal vulnerability standards and procedures.
  • Maintain situational awareness for cyber threats across the global firm and take action where necessary.
  • Maintain knowledge of security principles and best practices. Must remain current with emerging threats and trends.
  • Assist teams in various security and privacy risk mitigation efforts; including incident response.
  • Lead or participate in information security related projects or in managing strategy.
  • Develop new vulnerability detective and investigative capabilities using current technical solutions.
  • Work with various business units and technical disciplines in a security consultant role for vulnerability remediation.
  • Act as an escalation point for vulnerability related impact to Raymond James.
  • Daily responsibilities include, but are not limited to:

o Vulnerability Scanning.

o Vulnerability Analysis.

  • Assess vulnerability countermeasure patch and configuration deployment across various technologies.
  • Assess vulnerability trends and notifications of new vulnerabilities.
  • Continuing content development for targeted vulnerability scanning and reporting.
  • Data analysis and threat research.

Experience and Skills:

  • B.S. in Computer Science, Computer Engineering, Cyber Security, or related degree and a minimum of seven (3) years of related experience in Information Security or an equivalent combination of education, training, and experience. Experience should include a minimum of three (3) years of experience with systems administration, vulnerability patching, vulnerability mitigation, and scripting.
  • Must possess knowledge and expertise in the use of Project Management methodologies and tools.
  • Knowledge with vulnerability scanning technologies such as Qualys, Tenable or Rapid7.
  • Knowledge of enterprise ticketing system technologies such as ServiceNow or BMC Software.
  • Systems administrator experience in Linux, Unix, Windows or OSX operating systems.
  • Knowledge of networking and the common network protocols.
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash.
  • One or more of the following certifications or the ability to obtain one of the certifications within 1 year preferred:

o CISSP: Certified Information Systems Security Professional

o OSCP: Offensive Security Certified Professional

o OSCE: Offensive Security Certified Expert

o GWAPT: GIAC Web Application Penetration Tester

o GPEN: GIAC Penetration Tester

o GXPN: GIAC Exploit Researcher and Advanced Penetration Tester

  • Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis.
  • Demonstrated ability to perform static and dynamic malware analysis.
  • Demonstrated ability to analyze large data sets and identify anomalies.
  • Demonstrated ability to quickly create and deploy countermeasures under pressure.
  • Familiarity with common infrastructure systems that can be used as enforcement points.

Competencies:

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences.
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

This is a permanent full-time position with a competitive compensation and benefits package.

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting # 20-031 by April 10, 2020.

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We require applicants to complete a background verification process prior to commencing employment, including but not limited to a credit and criminal record check. We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email.

Job Types: Full-time, Permanent