IT Security Specialist

Information Technology London, ON


Do you thrive in a fast-paced, dynamic environment? Are you a collaborative team member with experience providing technical support and analysis of the IT Security environment?

Are you looking to take on a new challenge? If you answered yes to these questions, consider applying for the role of IT Security Specialist at CARFAX Canada!

Why CARFAX Canada?

We’re the best at data; that’s why we’re Canada’s choice for detailed vehicle information. We’ve been growing for over 18 years and we know that our incredible team is what’s driven us forward, so we like to keep them incredible. The CARFAX Canada kitchen is always stocked with fresh, organic fruit, not to mention a wide range of coffee options. We offer social events like pub nights and disc golf, and wellness initiatives like in-house yoga and massage! We also have RRSP matching and an amazing benefits program, so you won’t have to worry about things like vision, dental, physiotherapy etc. On top of all that, we invest in the future of our employees – we have a comprehensive leadership training program and each team member has their own professional development budget, so they can continually build their skillsets. Plus, we support our community by participating in group volunteer opportunities and donating to the causes that matter to our team. So why work at CARFAX Canada? Because life’s too short not to work somewhere awesome.

Job Details

CARFAX Canada is looking for an IT Security Analyst who will own the security portion of the company and all of its products and services. Reporting to the Director of Technical Operations, they will support the development, implementation, monitoring, and maintenance of security controls, processes, procedures, and systems. This role provides guidance and management for information security projects and technical requirements.

If you love a challenge and have a passion for cloud-based software, we want to hear from you!

Position Responsibilities

  • Supports security technology to ensure proper operation, including upgrades and installations. Aids in facilitating security training and awareness delivery. Reports, records and works with departments to resolve security-related issues and incidents.
  • Owns the security position of the company and all its products and services, including PCI compliance, security monitoring, audits, and overall compliance tasks related to security. Responsible for analyzing, developing, implementing and enforcing security, privacy and data protection requirements, policies and corporate technical guidelines.
  • Identify risks to the business by evaluating business objectives, system requirements, designs and integration points.
  • Monitor and continually improve overall cybersecurity, including application security, network security, data security, and mobile security.
  • Establish actionable security levels to address risk, define mitigation strategies, metrics, reporting and program services.
  • Create maturity models and roadmaps that ensure continual program improvements.
  • Research information security standards.
  • Conduct system security and vulnerability analyses and perform risk assessments.
  • Act as an internal security consultant for system and network architecture design reviews.
  • Perform network and code vulnerability testing as well as assist responsible parties in understanding and addressing vulnerabilities.
  • Coordinate and track third-party penetration testing including scope, timelines and outcomes.
  • Provide guidance, evaluation and advocacy on testing responses.
  • Evaluate, source, implement, and support managed security services and consultants.
  • Create cybersecurity awareness content and educate personnel on security threats and best practices.
  • Performs product evaluations, recommends and/or implements products and services for the security stack.
  • Act as the primary technical lead for information security incidents and perform forensic investigations of intrusions and other cyber security events to determine root cause.
  • Provide recommendations for appropriate adaptation of the security environment to meet new demands.

Education, skill and experience required:

  • Bachelor's degree in computer science/related technical field or equivalent experience.
  • Knowledge of how to properly secure and audit Unix/Linux and Windows servers and desktop systems.
  • Knowledge of common application vulnerabilities, current threat vectors, and mitigations.
  • Experience working with teams using Agile, XP, Lean development practices.
  • Hands-on experience with web application and secure code testing tools and services.
  • Knowledge of IP protocols, networks, security architectures and security threats in an IP network.
  • Knowledge of incident handling and response, exploit analysis, tool deployment, network intelligence gathering, incident analysis, reverse engineering of attacker methods, digital forensics methods and procedures, eDiscovery, and demonstrated analytical analysis of information security and intrusion analysis.
  • Hands-on experience using port and network scanners.
  • Experience working with IP networking, networking protocols and understanding of security-related technologies (including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail, AD/LDAP, NAC, SSL/TLS, AV, WAF, SIEM, DLP, IPS).
  • Experience with VMware and applying security to virtual platforms.
  • Experience working with internet and web application security techniques (SANS, OWASP, WASC).
  • Experience working with leading firewall, scanning, filtering and intrusion detection technologies/services.
  • Experience working with logging and file integrity monitoring tools.
  • Experience with ITSEC standards and best practice frameworks (ISO 27001/27002, NIST, Cobit, ITIL, PCI).
  • Preferred security certifications (CISSP, CEH, GIAC Security Essentials, CompTIA Security+).
  • Familiarity with IT security standards, compliance regulations and best practice frameworks (ISO 27001, ISO 27002, NIST, OWASP, SANS, SOX, ITIL, PCI DSS).

CARFAX Canada’s core values are: Integrity, Objective, Customer Advocate, Solutions-Oriented and Transparent. The successful candidate will share these values.

Compensation includes base salary commensurate with experience, performance bonuses, health/dental benefits and an optional RRSP match program.

If you are interested in applying for this position, please visit our website. Applications will be accepted until September 9, 2019.

We thank all applicants for their interest; however only those selected for an interview will be contacted.

CARFAX Canada is committed to providing accommodations for people with disabilities. If you require an accommodation during the application or selection processes, please advise in your cover letter.