Cyber Security-Systems Security Engineer

Consulting on the overall system architectures, operations concepts, or system enhancements from a security perspective

Derive security requirements, designs, solutions, and mechanisms in response to customer requirements, standards, and internal policies

Develop and maintain all security-related system artefacts (e.g., specifications, profiles, test documents, vulnerability assessments, threat models, customer reports, etc) from the customer level down to the major subsystem level for projects in development and/or in-service

Oversee the verification of security-related aspects of the product/system

Perform threat assessments and threat models of our systems/products and advise on required actions to mitigate risks

Review vulnerability and compliance scanning results, develop and prioritize necessary remediation actions for project staff to undertake

Support engineering program delivery through the development and generation of security plans and budgets

Coach and mentor junior team members.

A degree or diploma in Engineering, Computer Science, Information Technology, or relevant experience in Systems Security.

Certified Information Systems Security Professional certification

5 or more years working in an engineering or information systems environment

Understanding of DND project delivery and execution processes from requirements through commissioning and support

Appreciation of the delivery and accreditation process of systems against CSE ITS guidance (e.g. ITSG-11/22/33/38)

Experience in maintaining close working relationships with other system engineers and customer representatives

Excellent verbal and written communications and customer interaction skills, and

Exceptional leadership skills, problem-solving abilities, and project execution strengths.

Experience in accreditation (risk assessment and governance) of Classified systems for DND, involving information systems, cross-domain solutions, and multi-domain interoperability

Experience with NIST SP-800 suite (e.g.

-53,
-160) ISO/IEC, DISA STIGs, CIS, SANS standards

Experience in designing, deploying, and working in Security Operation Centres, including technologies such as Security Information and Event Management (SIEM), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and machine learning technologies, is an asset.

Hands-On experience with one or more of the following products:
Microsoft Enterprise network suite of software, SIEMs, vulnerability assessment tools, virtualization technologies, continuous monitoring, and data loss prevention tools

Establishing Business Continuity Plans and Disaster Recovery Programs

Open-Source Security Testing Methodology Manual

OWASP References and SQL Vulnerabilities

Requirements management software such as DOORS

Certified Cloud Security Professional (CCSP), or

Certified Information Security Manager (CISM).