Cyber Security Practitioners (Various levels)

Cyber Security Practitioners (Various levels)

The Communications Security Establishment (CSE) is Canada’s agency responsible for foreign signals intelligence, cyber operations and cyber security. Learn more about our mission .

CSE is currently looking for Cyber Security Practitioners to work in a dynamic and innovative environment. As a Cyber Security Practitioner, you will be using your expertise to provide cyber security advice and guidance, design and develop secure IT solutions, and to review product and solution assessments according to security risk management principles in a variety of positions relating to Cyber Security.

We are looking for individuals who are curious to learn new technologies, who possess great communication skills and enjoy collaborating with others to deliver exceptional services to clients. We are seeking candidates who are highly self-motivated, who are problem-solvers and who can balance conflicting priorities in a fast-paced environment.

When applying to this process, candidates will be asked to select which positions they would like to be considered for. Matching applicants to the best hiring groups will be based on a combination of the candidate’s interest and organizational need. The intent is to fill a variety of positions. These positions include (but may not be limited to):

Cyber Security Advisor
Provides advice and guidance to clients by:

• Performing design reviews and participating in design workshops.
• Liaising between partners/clients and our internal technical staff.
• Representing CSE in technical partner/client discussions.
• Working with design, engineering, and IT security teams to assess risk for IT systems or cloud.
• Creating practical and technical advice and guidance on cyber security.

Information Systems Security Developer/Architect/Engineer
Develops and documents innovative secure IT security solutions– such as:

• Secure cellular/wireless capabilities
• Wireless intrusion detection and continuous monitoring solutions
• Secure cloud environments
• Maintaining a cyber security research environment

Cyber Security Analyst

• Specializes in network and IT infrastructure security and understands cyberattacks, malware and behaviour of cybercriminals.
• Investigates, analyzes, and helps clients respond to cyber security incidents.
• Searches for threats to Canada’s threat surface, including ongoing cyber activity and vulnerabilities in software, hardware, or firmware.
• Produces reports relating to cyber activities for dissemination to partner/clients.

Information Security Assessor

• Assesses IT systems, applications, and networks for security vulnerabilities.
• Performs static and dynamic analysis of software and systems.
• Uses industry tools, techniques and methodologies to detect, analyze and exploit network vulnerabilities.
• Provides tailored advice and guidance to clients based on these assessments.
• Conduct, or assist Government Departments in conducting IT security and risk assessments on cloud service providers (CSPs).

Salary range

To find out more about our salary scale, vacation allowances and benefits (health, dental and pension plans, etc.) visit the compensation page on our website.

Area of selection

Open to Canadian citizens.

Location

The majority of our jobs are in Ottawa, Ontario. CSE has two accessible facilities. Flexible work arrangements, including telework for a portion of the work week, may be possible.

A valid Enhanced Reliability Status (ERS) or an Enhanced Top Secret (ETS) security clearance is a condition of employment that must be met before an offer can be made.

In order to be considered, your cover letter must clearly explain how you meet the following education and experience requirements.

Education

You must have either one of the following:

• A University degree in a field related to the position, such as (but not limited to): Computer Science, and Engineering,
• A College diploma in a field related to the position (as above),
• An acceptable combination of education and experience relevant to the position.

Note: The educational program must be recognized in Canada, and you must be able to provide proof of education credentials. Students graduating within the next twelve months are eligible to apply.

Experience

You must demonstrate two (2) of the three (3) following criteria:

• Experience in designing, creating, testing, or deploying IT security solutions.
• Experience in designing, analyzing, planning, developing or implementing IT programs, projects, or technical systems.
• Experience providing advice and recommendations to clients, peers, or management in IT.

Recent graduates should note that school projects can be considered as relevant experience.

The following technical, behavioural and leadership competencies will be assessed at a later date. You do not need to include information about them in your application.

• Knowledge of Information Management (IM)/Information Technology (IT) Architecture
• Knowledge of Information Technology (IT) Security
• Knowledge of Information Technology
• Accountability/autonomy
• Interactive communication
• Working in a team
• Change and innovation

Assets

Assets are “nice-to-have” expertise and skills we’re interested in. They may be used to identify which team you could best complement, or they may be invoked as a volume management strategy.

• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)

Note: The educational program must be recognized in Canada and you must be able to provide proof of education credentials. Students graduating within the next twelve months are eligible to apply.

• Experience in network virtualization, cloud technologies and/or cryptography.
• Experience in Identity and Access Management.
• Experience presenting briefings to clients, peers, or management in IT.
• Experience writing or working with Threat and Risk Assessments.
• Experience in product testing and evaluation.
• Experience in the security-related system management of either Windows or Linux server(s) or workstation (including VMs).
• Experience in the security configuration of enterprise telecommunications / unified communications platforms and/or enterprise networking (e.g. Cisco, Juniper).
• Experience with security protocols (e.g. TLS, HTTPS, IPSec, IKE), communications protocols (e.g. VoIP/SIP, REST interfaces, RCP, TCP streaming) and/or analysis tools (Wireshark, tcpdump, SIPp, etc.).
• Experience in component hardening and/or writing/editing component hardening guides.
• Experience evaluating and testing IT security products against security requirements (e.g. Common Criteria, FIPS 140-2, High Assurance standards).
• Experience using vulnerability assessment software and tools (Nessus, Nexpose, nmap, Burpsuite, Qualys, OpenVAS).
• Experience with designing or implementing an Enterprise Vulnerability management program.
• Experience with the security control catalogue specified by ITSG-33 or NIST 800-53.
• Experience conducting cyber security functions (configuring, collecting logs, monitoring, hardening, etc.) in a public cloud.
• Experience in handling cyber incidents.
• Experience in scripting or automation.

The following asset technical, behavioural and leadership competencies will be assessed at a later date. You do not need to include information about them in your application.

Operational requirements

Overtime and standby duty may be required.

How to apply

You may submit your candidacy online by selecting “Apply” at the bottom of this page.

If you cannot apply online or have a disability preventing you from applying online, please inform us by email at careers-carrieres@cse-cst.gc.ca prior to the closing date of this selection process.

We ask you to not discuss your application with others (including on social media) besides your partner, or close family members- who should also be reminded about the need to be discreet.

Assessments of candidates are conducted in the official language of their choice.

To address CSE’s current representation gaps, priority may be given to persons who self-declare as belonging to the following designated employment equity groups: women; Indigenous peoples, including First Nations who are status, or registered and non-status, or non-registered, Inuit and Métis; persons with disabilities, including people with a mental health condition and neurodivergent people; and persons from racial or ethnic groups.

Please note the Employment Equity Act , which is under review, uses the terminology Aboriginal peoples and visible minorities.

CSE offers an assessment process that will accommodate any reasonable measures you require to be assessed in a fair and equitable manner. Those measures are available to all candidates during our processes. Information you provide will be addressed confidentially.

The level of competence demonstrated in the various assessments will be used to determine your qualifications for the UNMA-07, UNMA-08 or UNMA-09 level.

If you do not meet all technical competencies, you could be considered for an underfill appointment. (If during the assessment phase of the selection process, a candidate has not demonstrated the required proficiency level for some of the technical competencies of the position but has demonstrated the potential to develop those competencies through specified training and/or development, an underfill appointment could be considered. The candidate would be appointed at one level lower than the substantive level of the position). In which case, an individual development plan will be established, depending on your qualifications and experience.

All communications with CSE relating to this process, including email messages and telephone conversations, may be used in the assessment of qualifications.

The intent of this process is to fill vacant positions at CSE. The process may also be used to establish a pool of qualified candidates which could be used to staff similar or identical positions with various tenures.

Due to the nature of CSE’s mandate certain roles may expose employees to content that is difficult to process. Mental health is a priority at CSE and if any personnel feel they require assistance to preserve their mental wellbeing, they have access to services, tools and other resources to help them in both their personal and professional lives.

We thank you for your interest in CSE. However, only those selected for further consideration will be contacted.