Information Security Engineer

Axelon Services Corporation

Montreal

Offre publiée le 2025-01-17

Postuler

Job Tittle : Information Security Engineer III

Location : Montreal, QC

MAIN RESPONSIBILITIES

Responsibilities include but are not limited to :

Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to BNP’s environment and determine appropriate mitigating controls.
Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon BNP’s policies and standards.
Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
Review and / or escalate exception requests submitted to the VM team
Using a risk based approach, analyze BNP’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

REQUIREMENTS

TRAINING AND OCCUPATIONAL EXPERIENCE

B.S. in Computer Science or equivalent field

CISSP, CISM or similar industry certification

5 years of experience in Vulnerability Management or related field

ESSENTIAL SPECIFIC REQUIREMENTS

Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative / positives identification & elimination

Strong knowledge of Qualys, Nexpose or Nessus including configuration and maintenance, scan execution, agent deployment and oversight

Experience of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).

Experience Security Standards / Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).

Experience of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.

Previous experience working in large-scale environments with diverse technologies is a must.

Knowledge of scripting languages desired

SKILLS AND BEHAVIOURS

Analytical skills

Strategic vision

Rigor & Accuracy

Flexibility

Communication skills

Collaboration

Self-driven

Team player