Senior Vulnerability Management Specialist (1 year contract)
TMX operates global markets, builds digital communities and analytic solutions that facilitate the funding, growth and success of businesses, traders and investors.
The Information Security Office (ISO) at TMX is responsible for researching, deploying and maintaining Security Technologies that support our defense in depth strategy in accordance with TMX regulations and policy. This includes vulnerability management deployments and tie-ins to threat intelligence and audit reporting capabilities.
Reporting to the Senior Manager of Security Operations, we are seeking a highly motivated and experienced Senior Vulnerability Management Specialist to join our team. The ideal candidate will have a deep understanding of vulnerability and patch management principles and practices, as well as a proven track record of successfully managing and mitigating vulnerabilities and applying patches in complex IT environments.
Responsibilities:
- Lead and manage the organization's vulnerability program and work with the patch management program lead, including defining and implementing policies, procedures, and standards.
- Conduct comprehensive vulnerability assessments on a regular basis to identify and prioritize vulnerabilities based on risk, and using various other prioritization tools.
- Develop and implement strategies to mitigate and remediate vulnerabilities, including deploying patches, updating software, and implementing security controls.
- Collaborate with cross-functional teams, such as IT operations, security, and development squads, to ensure effective implementation of vulnerability and patch management solutions.
- Stay up-to-date on the latest vulnerability, patch trends and threats by monitoring security bulletins, advisories, and industry news.
- Provide regular reports to management on the status of the vulnerability and patch management program, including metrics on vulnerabilities identified, patched, and outstanding.
- Educate and train various IT and non-IT employees on vulnerability and patch management best practices, to raise awareness and promote responsible security behavior.
Qualifications:
- Bachelor's degree in Cyber Security, IT Security, Computer Science, Information Technology, or a related field.
- 5+ years of experience in vulnerability and patch management, with a focus on sophisticated IT environments.
- 4+ years experience with vulnerability and patch management tools and techniques, such as Rapid7 Nexpose, InsightVM, and Kenna (Cisco VM).
- Experience with enterprise web application security platforms for scanning, SAST and DAST activities, such as BURP Suite, ZAP, Acunetix, Sonatype Nexus Repository, Sonatype Repository Firewall, and Sonatype Lifecycle.
- Experience with enterprise patching platforms, such as Ivanti LANDesk, JAMF, Automox, and Microsoft SCCM is an asset.
- Strong understanding of risk assessment and mitigation strategies, including common attack vectors and exploit techniques.
TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require it.