Cyber Security Analyst

Background
Enterprise Security is responsible for all aspects of security within the organization including cyber, physical and personnel security. We operate with our partners in the SCADA and Automations teams to provide security to the Industrial Control Systems Network along with our partners in Information Systems to secure the corporate IT infrastructure. The Enterprise Security department within SaskEnergy continues to expand its scope of practice.

Description of Requirements

Client is seeking Two (2) Cyber Security Analysts, with deep technical cyber security skills and experience to join the Enterprise Security team. The preferred Resource will have a minimum of Five (5) years of technical cyber security engineering or analyst experience. The Resource will need to show a broad understanding of security principles, practices, and security trends. The proposed Resource MUST have experience working in a technical role in cyber security, designing, implementing and supporting security solutions, monitoring computer networks for security-related issues and responding to major security breaches.
Security Certifications (CISSP, SANS GIAC certification, CISM) and Security governance experience would be considered an asset.

Relevant Skills and Experience

1. Demonstrated Experience in securing Datacenter Virtualization and Network technologies.
2. Preparing and maintaining security processes and procedures.
3. Working Knowledge of Microsoft Active Directory Security, Windows Operating Systems Hardening, and Microsoft XDR Security Stack.
4. Conducting Threat & Risk Assessments.
5. Security Monitoring (SIEM, Centralized Logging, UEBA, SOC processes).
6. Working knowledge and experience in Offensive Security / Programming/ Application Development experience (Pen-testing, Vulnerability Assessment, Python, PowerShell, .Net, Java, DevSecOps, KQL).
7. Experience in Database Security, CASB, DLP.
8. Experience in Designing, implementing, and operating security technical controls or activities in Cloud Services (Azure, AWS, GCP, OCI, Office 365).
9. Knowledge of International Organization for Standardization (ISO) 27001/27017/27018/27032 standards, NIST and MITRE ATT&CK Frameworks.
10. Ability to work as part of a team as well as independently.
11. Strong communication (written and verbal) and interpersonal skills.

The key skills and knowledge areas required for the Cyber Security Analyst Resource are outlined in attached QDF. North American job experience is considered an asset for this proposal. Proponents are encouraged to provide specific and qualitative verbiage of other areas where their expertise can add value to our teams and make our projects as successful as possible. We are looking for a well-rounded developer to fill this role.

Contract Duration
The Contract will be effective for an initial term commencing on the date of award and ending on March 31, 2026. The Contract will automatically renew for successive one (1) year terms, a maximum of two (2) times.

RATED CRITERIA
The following is an overview of the categories for the rated criteria of the RFP.

Mandatory Requirements (Pass/Fail):
1. Candidate must have minimum 5 years Technical Cyber Security Engineering or Analyst experience.
2. Candidate must have Cyber Security Incident Handling and Response Experience.
3. Candidate must have Minimum 5 years experience in designing, implementing, operating technical controls or activities in the following domains: Identity and Access Management (AD, PAM, IDM), Network Security (IDS/IPS/NGFW, NAC, Web Proxy, VPN), Email Security and Endpoint Security (EPP and EDR, Mobile Security).
4. Candidate must have hands-on experience with Cloud Secure Web Gateway technologies including Zscaler, Palo Alto, Netskope.
5. Candidate with Security Certifications such as CISSP, CISM, SANS GIAC Certification will be considered beneficial.
Submitted proposal should have a signed cover letter stating the RFP inquiry number, proponent’s legal name and address, closing date and time, proponent’s telephone number, email address and contact person.