Senior Security Dev/Ops Specialist

Permanent Full Time 

-

We are looking for a Senior Security Dev/Ops Specialist.

The Senior Security Dev/Ops Specialist is responsible for engineering of new security technologies and operational excellence of existing security technologies.  They will require a mindset focused on business value and continuous service improvement. 

What you will do:

• General:
  • Demonstrate strong security fundamentals while working hands-on with security technologies
  • Follow ITIL best practices including incident, problem, and change management
  • Complete deliverables and deliver high quality solutions in an efficient & effective manner
  • Proactively assess security risks and expedite gap closure to help promote a risk aware culture

• Engineering:
  • Provide input to security technology roadmaps that set the vision for security services / controls
  • As needed, research, evaluate and validate practicality of new technologies via rapid prototyping
  • Design solutions that are “fit for purpose” (security function) and “fit for use” (enterprise grade)
  • Ensure technical specs support solution architecture and are endorsed by technology vendor(s)
  • Deploy solution components and participate in appropriate functional and non-functional testing
  • Work with internal and external stakeholder teams to implement / validate solution integration
  • Provide technical consulting on capabilities and limitations of the security technologies

• Operations:
  • Participate in 24x7 on-call rotation and achieve incident service levels
  • Ensure health and compliance of security controls
  • Drive automation of manual tasks and improved proactive alerting
  • Implement security policies/blocks and perform continuous tuning to ensure control effectiveness
  • Assist with key performance indicator reporting to reinforce business value of security controls
  • Remediate infrastructure at risk of exploitation and participate in security incidents as needed
  • Contribute to annual business continuity / disaster recovery planning and execution

• Other:
  • Actively set personal smart goals and understands how their performance impacts the team
  • Participate in meetings and training with a willingness to share knowledge and learn from others
  • Demonstrate commitment to respectful workplace and workplace diversity initiatives
  • Foster the department’s culture with a focus on teamwork and stewardship with business units
  • Support continual improvements of IS methods, tools and techniques

What you will bring

• Five or more years of validated experience in security engineering, compliance, and risk management including privacy and security controls
• Technical knowledge in routing, firewall policy, Anti-Distributed Denial of Service (Anti-DDoS), Web Application Firewall (WAF), Intrusion Prevention System (IPS), Security Information and Event Management (SIEM), secure credential management, virtualization, service-oriented architecture, development practices, operational practices, and micro services architecture
• Demonstrated excellent communication skills and a history of running time sensitive projects involving multiple cross-functional teams and background in large scale security oversight
• Experience in defending attacks utilizing information security technologies, including web application firewalls, anti-DDoS technologies, advanced anti-malware solutions, network forensics
• Understanding of incident response processes and artifact collection for digital forensic investigation purposes
• Understanding of enterprise IT security risk assessments and related frameworks (e.g., SOC2, ISO 270XX, NIST CSF, NIST 800-XX, COBIT, ) and industry best practices
• Demonstrable understanding of network security, operating systems, authentication/authorization/audit systems, and use of cryptography
• Experience working in an agile framework methodology with firsthand experience with ticketing in ServiceNow, Jira and documenting within Confluence.
• Experience with Cloud Security Posture management tooling, integrations, and operations. Experience with designing and implementing security solutions in AWS, Azure and GCP clouds
• Experience in developing and managing Infrastructure as Code (IaC) and Policy as Code(PaC)
• Experience with secrets management
• Senior level experience with DevSecOps fundamentals such as git, gitflow, scm tools, gitlab, cicd pipelines, secure coding, security of SSDLC through shift Left principles.
• CC, CCSP, CISSP or other ISC2 certifications
• AWS, GCP and/or Azure Security certifications
• Cisco, F5 Networks and/or Radware or other vendor specific security certifications
• Reliability Status security clearance - this is a personnel security status that is required before an employee can gain access to Protected B information, assets or work sites as outlined by the Government of Canada  website

-

The base salary for this position is between  $61,900.00 - $114,500.00 annually.  This represents base salary only and does not represent other variable compensation components of our total compensation ( i.e. annual bonus, commission etc).  If you are selected to move forward in our recruitment process, your recruiter will be able to discuss additional details of our total rewards program with you.

Career opportunities will be open a minimum of 5 business days from the date of posting, closing dates will vary depending on the search activity. All applications received will be reviewed on a rolling basis.

Be your best at Canada Life- Apply today!

Being a part of Canada Life means you have a voice. This is a place where your unique background, perspectives and talents are valued, and shape our future success.

You can be your best here. You’re part of a diverse and inclusive workplace where your career and well-being are championed. You’ll have the opportunity to excel in your way, finding new and better ways to deliver exceptional customer and advisor experiences.

Together, as part of a great team, you’ll deliver on our shared purpose to improve the well-being of Canadians. It’s our driving force. Become part of a strong and successful company that’s trusted by millions of Canadians to do the right thing.

Canada Life serves the financial security needs of more than 13 million people across Canada, with additional operations in Europe and the United States. As members of the Power Financial Corporation group of companies, we’re one of Canada’s leading insurers with interests in life insurance, health insurance, investment and retirement savings. We offer a broad portfolio of financial and benefit plan solutions for individuals, families, businesses and organizations. 

We are committed to providing an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of the communities in which we live, and to creating an environment where every employee has the opportunity to reach their potential. 

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Canada Life policies. To request a reasonable accommodation in the application process, contact talentacquisitioncanada@canadalife.com.

Canada Life would like to thank all applicants, however only those who qualify for an interview will be contacted.

#LI-Hybrid