Reference #: 7700
Location: Ottawa (Remote)
Type: Sub-contract
Donna Cona Inc. is currently seeking a Security Management and Support role for one of our key government clients.
Candidate MUST have the following:
- A minimum of four (4) years of experience developing, improving and monitoring security measures to protect computer networks, devices, applications, data information and users;
- Certified Information Systems Security Professional (CISSP) would be an asset;
- A post-secondary degree in a relevant discipline will be considered an asset;
- Knowledge of government procurement practices, financial and human resources operations, and considerable experience in payroll practices would be considered assets;
- Able to understand Government workflows, processes, and approvals;
- Knowledge of modern project management best practices and considerable experience in technical project delivery would be considered an asset.
Candidate should have the following demonstrated experience:
- Application Security: Expertise in administrating role-based access control (RBAC) within Oracle Fusion Cloud. Experience integrating security practices into the development pipeline using tools, such as SonarQube, Snyk, or Veracode for continuous application security testing. Expertise in deploying and configuring WAFs to protect web applications from attacks, such as SQL injection, XSS, and CSRF;
- Identity and Access Management (IAM): Expertise in administrating role-based access control (RBAC), multi-factor authentication (MFA), and least privilege principles;
- Experience with IAM platforms such as Okta, Microsoft Active Directory (AD), or Azure AD to manage user permissions and secure authentication processes. Expertise in implementing SSO and identity federation protocols, such as OAuth, SAML, and OpenID Connect;
- Security Information and Event Management (SIEM): Expertise with SIEM tools, such as Splunk, QRadar, LogRhythm, or AlienVault to monitor and analyze security events in real-time. Able to interpret and analyze logs to identify suspicious activities and potential security breaches;
- Vulnerability Management: Expertise in vulnerability scanners such as Nessus, Qualys, or OpenVAS to identify system weaknesses. Knowledge of automated patch management solutions to ensure systems are up-to-date and protected from known vulnerabilities. Expertise in conducting penetration testing using tools, such as Metasploit, Burp Suite, or Kali Linux to assess system security and identify potential attack vectors;
- Cryptography and Encryption: Expertise with encryption algorithms, such as AES, RSA, and ECC for securing data at rest and in transit. Experience with PKI, digital certificates, and managing cryptographic keys for secure communication and an understanding of securing communication channels with SSL/TLS protocols;
- Network Security: Experience in configuring and managing firewalls (e.g., Cisco ASA, Palo Alto, Fortinet) and IDS/IPS systems to detect and prevent unauthorized network activity. Expertise with VPN technology to monitor and secure remote access and ensure encrypted communications.
Donna Cona is committed to a diverse, equitable and inclusive workplace. We are an equal opportunity employer. We don’t discriminate on the basis of gender, gender identity, sexual orientation, race, national origin, disability, age or any other protected status. We are committed to maintaining a barrier-free recruitment process by providing equal employment opportunities through recruiting and retention of individuals.