IT Security Vulnerability Professional

**Title**:Senior-Level (10+ yrs) IT Security Vulnerability Analysis Specialist
**Location**:On-Site, Ottawa, Ontario, Canada
**Security Clearance**: Top Secret Security Clearance
**Contract Duration**:12 months with high probability of extension
**Opportunity**: Won business contract
**Language**:English

**Project Background**:
Our Government of Canada client has a requirement for _Top Secret Cleared_ specialists in the field of Extensible Stylesheet Language Transformation (XSLT) authoring, professional services in the field of IT Security Installation, and professional services in the field of IT security vulnerability analysis.

The cyber threat environment is a constantly evolving landscape with ever-mounting challenges. Their enterprise information security program addresses these challenges through a range of programs and services, some of which require enhancement to further fulfill organizational needs.

Our client requires log data to be translated using XSLTs following a predefined Extensible Markup Language (XML) schema. The IT Security Installation Specialist will assist in the ongoing enhancement of the IPC Engineering and Support tailored for its unique operational environments. The **Senior-Level (10+ yrs) IT Security Vulnerability Analysis Specialist** will assist in the ongoing enhancement of the vulnerability management program tailored for its unique operational environments.

**Core Responsibilities**:
The **Senior-Level (10+ yrs) IT Security Vulnerability Analysis Specialist** will assist in the ongoing enhancement of the protection centre tailored for its unique operational environments.
- Configure and conduct vulnerability scans on an agreed to periodic basis using departmental toolsets and processes in support of the Vulnerability Management Program (VMP), reporting findings to management;
- Work with stakeholders to communicate vulnerabilities and risks and to facilitate the adoption of patching best practices throughout the enterprise;
- Work with stakeholders to resolve critical issues;
- Integrate new systems and networks into the VMP;
- Provide VMP-related analysis information to Security Authorization and Accreditation (SA&A) process;
- Where necessary, produce briefing notes and risk assessments concerning vulnerability posture;
- Assist with and where necessary, provide technical leadership for activities related to corporate response to major and urgent vulnerability discoveries that require immediate and comprehensive action;
- Provide technical leadership for development and implementation of new/improved vulnerability scanning capabilities;
- Manage and coordinate quality control oversight on all deliverables;
- Provide weekly progress/status reports, with format to be defined in consultation with the Technical Authority (TA);
- Prepare a record of discussions/decisions resulting from any formal meetings that are held related to this work;
- Immediately notifying the TA of any issue/problem that may impede, delay, or negatively impact completion of authorized work;
- Maintain an electronic library of work in progress, delivered items and reviewed comments, and version control thereof;
- Consult with the TA throughout the duration of this contract and provide briefing notes and presentations to management, as required by the TA;
- Provide written advice, guidance, and recommendations on Information Security (IS)/IT Security issues as required by the TA, with specific format to be defined in consultation with the TA;
- Participating in working groups and forums as required (within the NCR). Within the working groups, participants (including the resources) propose changes and provide updates on the current state of projects; and
- Provide input and coordination to Change Management board.

**Qualifications**:

- Must have Top Secret Security Clearance as issued by the Government of Canada;
- Must have a minimum of 10 years within the last 15 years of experience in IT Security;
- Must have a minimum of 2 years of experience within the last 4 years providing vulnerability management advice to Government of Canada clients within the security or intelligence field;
- Must have a minimum of 2 years of experience within the last 4 years as a Lead in the development of an enterprise-wide vulnerability management program;
- Must have a minimum of 5 years of experience within the last 7 years with risk management principles, and IT security controls in Government of Canada departments;
- Must have a minimum of 2 years within the last 4 years in the identification and evaluation of complex business and technology risks, establishment of internal controls which mitigate risks, and related opportunities for internal control improvement; and
- Must have a minimum of 2 years within the lat 4 years of experience providing IT risk management advice to senior management and executives.
- **Please note: Only those who hold valid Top Secret Security Clearance as issued by the Government of C