IT Security Vulnerability Engineer
Salary depends on experience
Posted on 03/10/18
Confidential Company
Toronto, ON
IT Consulting/Services
Salary depends on experience
Posted on 03/10/18
Job Title: IT Security Vulnerability Engineer - Direct Hire / Full Time / Perm
Job Location: Toronto, ON
Job Type: Full Time / Perm / Direct Hire + Benefits
?US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.?
Job Description:
- Experience in managing and addressing Operating System and Application vulnerability in a complex corporate environment
- Conducts scans and tests on a predetermined and adhoc basis
- Identifies critical vulnerabilities within the network, information systems and applications that could be exploited.
- Validates report findings to reduce false positives
- Identifies, validates and remedaites identified vulnerabilities
- Ensures compliance with information security policy and regulatory requirements.
- Compiles and tracks vulnerabilities over time to provide historical trend reporting and key risk indicators.
- Performs vulnerability management system administration functions as required.
- Facilitates penetration testing with third party service providers on web-based applications, networks and computer systems.
- Provides guidance, recommended controls, and countermeasures regrading risk management (or identified vulnerabilties).
- Evaluates findings and associated risks from penetration tests, and communicate findings and recommended remediation with stakeholders.
- Experience with vulnerability management including scoring and categorizing vulnerabilities as they relate to various business applications.
- Experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions)
Tools:
- Extensive knowledge of Enterprise Desktop Environment
- Experience with Vulnerability management tools like Qualys, CM 2016, Adaptiva etc.
- Knowledge of scriptinglanguages viz. VB Scripts, Powershell
- Working knowledge in the application security domain (OWASP, etc.)
- Understanding of web services architecture and protecting public APIs.
- Current knowledge of the latest vulnerabilities and programming exploits
- Experience with and knowledge of application securityarchitecture (e.g., operating systems, firewalls, IDS, etc.)
- Solid understanding of network protocols (TCP/IP)