Security Analyst, Security Testing

About The Position

Requirements

• Post-secondary education, or equivalent experience in computer science, information technology or related fields.
• Minimum five (5) years’ experience in a combination of information systems and information security related roles.
• Minimum of three (3) years of experience in conducting Penetration Tests.
• Minimum of three (3) years of experience in Vulnerability Testing and Vulnerability Management.
• Minimum of one (1) year of experience testing AI/ML applications or working with Adversarial AI frameworks (e.g., MITRE ATLAS).
• Ability to identify and understand cyber threats and trends and apply security knowledge to strengthen defenses including protective, detective, and compensating controls.
• Ability to employ Offensive cyber techniques.
• Knowledge of exercise design and execution (with a focus on Red, Blue and Purple Team Exercises).
• Deep understanding of the OWASP Top 10 for LLMs (Large Language Models) and the MITRE ATLAS™ framework (Adversarial Threat Landscape for Artificial-Intelligence Systems).
• Possesses an in-depth understanding of various testing methodologies (i.e. OWASP Web & Mobile testing methodologies, CREST, etc.).
• Eligibility to obtain and maintain a Government of Canada Reliability Clearance and successfully complete enhanced background checks that may be carried out by Payments Canada.

Nice To Haves

• Knowledge of and experience in intelligence tradecraft, international threats impacting the financial sector.
• Possess or are in the process of obtaining at least one of the following industry certifications; CPTS, OSCP, GXPN or equivalent.
• Knowledge of and experience in the Canadian Financial services or Payments industry.
• Bilingualism (English and French).

Responsibilities

• Design and execute a layered approach to testing for the Security Operations Team which includes tabletop exercises, scenario-based testing, Red Team, Blue Team and Purple team exercises to evaluate and improve detection, response and recovery capabilities.
• Engage in the development and execution of industry-wide annual exercises through the Resilience of Wholesale Payments Systems (RWPS) program to test industry response to cyber-attacks.
• Manage annual holistic Penetration Tests against Payments Canada infrastructure.
• Conduct discrete internal red team/blue team testing across all of Payments Canada’s corporate and payment system infrastructure environments in coordination with the relevant stakeholders.
• Validate the effectiveness of security operational controls at the individual and team levels.
• Engage with other business leaders at Payments Canada and within industry as a Security Subject Matter Expert (SME) for planned exercises external to the Security Team.
• Maintain a strong grasp of security strategy, solid security subject matter expertise, and strong interpersonal and communication skills to present recommendations in a compelling manner to all audiences, including technical staff, middle management and partners.

Benefits

• Flexible, hybrid (remote/office) environment.
• Competitive compensation package, including annual variable bonus and defined contribution pension plan with employer matching percentage (if eligible).
• Comprehensive health and dental benefit coverage, including mental health coverage, life insurance and a health spending account for you and your dependents (Permanent and temporary employees with contracts 12 months and over).
• Paid time off: minimum four weeks paid vacation, sick and personal days, December holiday shutdown and cultural holiday observance days.
• 26 weeks of paid maternity and parental leave top-up (if eligible).
• Rewards and recognition program.
• Access to office gym facilities.
• Internal and external professional development opportunities.
• Fun team and organizational events.
• Monthly all staff forums led by our Executive Leadership Team.