Job posting – Senior Security Analyst

The Ministry of Citizens’ Services of the BC Provincial Government is looking for a Senior Security Analyst for the BCDevExchange organization.

Ministry of Citizens’ Services
Multiple Locations

Senior Security Analyst $72,724.97 $83,014.85 annually plus 9.9% Temporary Market Adjustment

This is a virtual position that can be performed from any location in BC.

The BCDevExchange organization embraces experimentation, innovation and empowerment. By adopting the principles, values and practices of the BCDevExchange, partner government entities adapt their typical ways of working to better align with leading practice amongst technology companies and digital agencies. Our work centers around the Exchange Lab where we host digital delivery teams working to solve priority public challenges. Digital Delivery Teams learn and improve their product with direct feedback from users every few weeks and deliver substantial value within a year.

The Senior Security Analyst is part of a cross-functional team that is responsible for the support of DevOps Containerized Platforms, DevSecOps framework and service adoption in the government. This role provides expert level information security advice and monitoring for on-prem and cloud-based platforms as your primary persona, while creating information security context for site reliability purposes, changing operational cultures and supporting DevOps teams. This position requires big-picture thinking, strong knowledge of government administration, a broad and open view of the IM/IT environment, strong experience with information security frameworks and methodologies and a dedicated commitment to improving security posture.

The BC Public Service is an award-winning employer and offers employees competitive benefits, amazing learning opportunities and a chance to engage in rewarding work with exciting career development opportunities. For more information, please see the webpage titled “What The BC Public Service Offers”.

The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining their team and being part of an innovative, inclusive and rewarding workplace.

The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For advice and guidance on applying and/or preparing for an interview for this opportunity, we invite applicants to connect with the Indigenous Applicant Advisor Amanda by email: IndigenousApplicants@gov.bc.ca or by phone: 778-698-1336.

Qualifications for this role include:

  • Degree, diploma or certificate in Computer Science or related discipline or an equivalent combination of education, training and experience.
  • Experience conducting log review/monitoring.
  • Minimum 3 years’ experience identifying suspicious or malicious events.
  • Minimum 3 years’ experience using security monitoring tools, vulnerability scanning and conducting complex breach investigations.
  • Minimum 3 years’ experience conducting complex information security threat and risk assessments.

For more information and to apply online by July 5, 2021, please go to: https://bcpublicservice.hua.hrsmart.com/hr/ats/Posting/view/77456

Job posting — Senior Cyber Threat Analyst

Raymond James Ltd. is seeking a Senior Cyber Threat Analyst to work in their Burnaby office.

Responsibilities:

  • Mentors CTC analysts while contributing to the fulfillment of both the CTC’s mission and leadership’s vision;
  • Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment;
  • Acts as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process;
  • Role embodies Cyber Network Defense and a successful Cyber Threat Analyst will be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm;
  • Maintains situational awareness for cyber threats across the global firm and take action where necessary;
  • Daily responsibilities include, but are not limited to:
    • Countermeasure deployment across various technologies
    • Malware and exploit analysis
    • Intrusion monitoring and response
    • Assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat
    • Continuing content development of threat detection and prevention systems
    • Data analysis and threat research
  • Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends;
  • Assists teams in various security and privacy risk mitigation efforts; including incident response;
  • Leads or participates in information security related projects or in managing strategy;
  • Conduct forensic investigations for HR, Legal, or incident response related activities;
  • Develop new forensic detective and investigative capabilities using current technical
  • solutions;
  • Work with various business units and technical disciplines in a security consultant role for cyber threats; and
  • Shares in a weekly on-call rotation and acts as an escalation point for managed security services and associates of Raymond James.

Experience and Skills:

  • B.Sc. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of three (3) years of related experience in Information Security or an equivalent combination of education, training and experience. Experience should include a minimum of two (2) years in conducting Cyber Network Defense and a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics;
  • Preferred experience includes a minimum of four (4) years in conducting Cyber Network Defense, a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics and four (4) years of experience with in-depth forensic and intrusion analysis;
  • Systems administrator experience in Linux, Unix, Windows or OSX operating systems;
  • Knowledge of networking and the common network protocols;
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash;
  • One or more of the following certifications or the ability to obtain within 1 year:
    • OSCP – Offensive Security Certified Professional
    • OSCE – Offensive Security Certified Expert
    • GXPN – Exploit Researcher and Advanced Penetration Testing
    • GREM – GIAC Reverse Engineering Malware
    • GCFA – GIAC Certified Forensic Analyst
    • CCNP – Cisco Certified Network Professional
    • Knowledge of the following highly preferred:
  • Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis
    • Operating systems, such as Windows, Linux, or OSX
    • Forensic and analytical techniques
    • Networking and the common network protocols
    • Demonstrated ability to create complex scripts, develop tools, or automate processes
    • Demonstrated ability to perform static and dynamic malware analysis
    • Demonstrated ability to analyze large data sets and identify anomalies
    • Demonstrated ability to quickly create and deploy countermeasures under pressure
    • Familiarity with common infrastructure systems that can be used as enforcement points

Competencies:

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals; and
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

If you would like to join their team, please send a resume and covering letter, quoting the position and Job Posting # 21-191 by June 24, 2021 to:

Human Resources
Raymond James Ltd.,
2100 – 925 West Georgia Street
Vancouver BC V6C 3L2
Email: resumes@raymondjames.ca

Raymond James requires applicants to complete a background verification process prior to commencing employment, including but not limited to a credit and criminal record check.

Raymond James sincerely thanks all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. They are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

June 11th, 2021 meeting

DATE:June 11th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Tear it Down and Start Over
PRESENTER(S):  Deb Radcliff

ABSTRACT

It’s time to cut our losses and replace our network computing model with something completely different.

As the tech industry pushes businesses into adopting their versions of digital transformation, the heart of all technology is still based on IP, which dates back to 1983. Trying to secure networks by adding layer after layer of security up and down the TCP/IP stack and down into the hardware layers is not working and will not scale. Even at the developer layer, where all this transformation is occurring, attackers are deep into their code repositories and loading malware through their build servers (such as in the SolarWinds Orion patch update that was introduced to 1800 downstream clients and infiltrated more than 100 high-level government intelligence and tech agencies in the US).

We need to figure out a new way to network. What do we replace IP with that is both more efficient and naturally secure (versus trusting the way IP is)? That should be the biggest question on everyone’s mind who’s working toward digital transformation.

Will AI come to the rescue or is it just another technology that can be used against us? What about Quantum networking? Can we move data faster than light more securely than IP transport? Can we somehow return ownership of data to the humans behind that data in the process?

In this session, Deb Radcliff raises provocative questions about future networking and access technologies. So be prepared to answer questions. For example, will we ever actually replace IP? Is AI truly autonomous? Would you take a human chip implant if it were the only means to access your data? If so, what would be your security requirements?

Radcliff will also tell stories of how she became the industry’s first beat reporter starting in 1996 after assisting Jon Littman with research for his best-selling book, “The Fugitive Game,” about hacker on the run, Kevin Mitnick. She will share her experiences and the many colorful characters she’s met from the days before we had cybercops and information security programs.

These characters and experiences are also fictionalized in book I of her cyberthriller series, Breaking Backbones: Information is power, which takes place in the near future (available at Amazon, her publisher (free shipping), and all booksellers). In it, hackers rise up against GlobeCom who takes over the world through human chip implants. She’s nearing completion of book II, “Information Should Be Free,” part of which delves into super smart AI and future networking—and that’s why she’ll be picking your brains around these tough subjects.

BIOGRAPHY

Deb Radcliff is an author, speaker and analyst with extensive background in cybersecurity and cybercrime reporting. In 1996, after researching a best-selling book about computer hacker, Kevin Mitnick authored by Jon Littman, she decided to make cybercrime a beat. At first, she relied on gray and white hat hackers to give her the scoop on hacking techniques and then she built relationships with newly-minted cyberagents and leaders at the FBI, several agencies within DoD, the Secret Service, CIA, NYPD and many other local and federal agencies. Her articles are cited in numerous research papers and college textbooks, and she’s won two Neal Awards for investigative reporting and was runner up for a third. She’s spoken at West Point, HOPE 2000 and other events, and is currently speaking regularly in online venues. She also stood up an Analyst Program at SANS Institute and ran it for 15 years until April 2020.

Today, as a cybersecurity analyst and author, she writes for CSO and manages her own blog OnlineCrimeBytes, runs the Shift Left Academy content program. In April 2021, Radcliff published her first cyberthriller book, Breaking Backbones: Information is Power. The book is part one in a three-part fictional series set in the not-too-distant future when a powerful entity called GlobeCom takes over the world through human chip implants and the hackers mount a coordinated defense to break GlobeCom’s network backbone.

Job posting — Incident Response Cyber Threat Analyst

Raymond James Ltd. is seeking an Incident Response Cyber Threat Analyst to work in their Burnaby office.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, the Raymond James Cyber Threat Center (CTC) is charged with ensuring all equities are secure against all tiers of adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. This analyst will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.

Specifically this individual will:

  • Serve as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment;
  • Act as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process;
  • As part of the Cyber Network Defense be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm;
  • Maintain situational awareness for cyber threats across the global firm and take action where necessary;
  • Maintain knowledge of security principles and best practices. Must remain current with emerging threats and trends;
  • Assist teams in various security and privacy risk mitigation efforts; including incident response;
  • Lead or participate in information security related projects or in managing strategy;
  • Conduct forensic investigations for HR, Legal, or incident response related activities;
  • Develop new forensic detective and investigative capabilities using current technical solutions;
  • Work with various business units and technical disciplines in a security consultant role for cyber threats;
  • Act as an escalation point for managed security services and associates of Raymond James.

Daily responsibilities include, but are not limited to:

  • Countermeasure deployment across various technologies;
  • Malware and exploit analysis;
  • Intrusion monitoring and response;
  • Assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat;
  • Continuing content development of threat detection and prevention systems;
  • Data analysis and threat research;

Limited weekend after-hours / on-call cyber threat support rotation may be required.

To qualify for this opportunity, candidates must possess:

Experience and Skills:

  • B.Sc. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of five (5) years in Information Technology, with at least three (3) years of related experience in Information Security or an equivalent combination of education, training and experience. Experience should include a minimum of two (2) years in conducting Cyber Network Defense and a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics;
  • Systems administrator experience in Linux, Unix, Windows or OSX operating systems;
  • Knowledge of networking and the common network protocols.
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash;
  • One or more of the following certifications or the ability to obtain within 1 year:
    • CISSP: Certified Information Systems Security Professional
    • CCNA: Cisco Certified Network Associate
    • SANS: GCIH – Incident Handler
    • SANS: GCIA – Intrusion Analyst
  • Knowledge of the following highly preferred:
    • Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis;
    • Demonstrated ability to perform static and dynamic malware analysis;
    • Demonstrated ability to analyze large data sets and identify anomalies;
    • Demonstrated ability to quickly create and deploy countermeasures under pressure;
    • Familiarity with common infrastructure systems that can be used as enforcement points.

Competencies:

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals;
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.
  • NOTE: This role is required to work a permanent 2 p.m. to 10 p.m shift Monday – Friday in their Burnaby office. Paid parking is provided.

This is a permanent full-time position with a competitive compensation and benefits package.

If you would like to join the Raymond James team, please send a resume and covering letter, quoting the position and Job Posting # 21-176 by June 18, 2021 to:

Human Resources
Raymond James Ltd.,
E-mail: resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. Raymond James requires applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

Raymond James sincerely thanks all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.