Junior Security Engineer

Junior Security Engineer

MCAP at a Glance

Joining
MCAP means you will be a part of our diverse workforce of highly talented
individuals who are recognized for their expertise and success At MCAP, your
professional expertise, commitment to teamwork and passion for service
excellence are recognized and rewarded with competitive total rewards offering,
a career with continuous learning and development (formal & informal
training), and exciting opportunities in a dynamic, entrepreneurial
environment.

The Role

This entry-level position is responsible for supporting and assisting the Security Engineering team conduct incident detection, security incident response, threat hunting, information security operations and vulnerability management.

The role also involves identifying areas of security non-compliance and escalating findings to ensure effective operation of security controls.

The individual will collaborate closely with internal and external parties during incident response and contribute to cyber security and governance activities and initiatives.

• Contribute to MCAP's capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact.
• Participate in the management of corporate security tools and appliances to ensure effective operations (SOC, SIEM, Vulnerability Scanning).
• Review and analyze security logs and reports from a variety of sources including security tools, servers, network devices and recommend and implement improvements for an improved security posture.
• Stay updated with the latest security trends, threats, and technology solutions.
• Contribute to the architecture, selection and design of security strategies to identify, protect, detect, respond to and recover from security threats.
• Assist with the testing and implementing of best-of-breed security products and services.
• Create, participate and execute regular exercises (e.g. red/blue, pen testing).
• Analyze and prioritize vulnerabilities based on their severity and potential impact.
• Conduct regular vulnerability assessments and scans to identify potential security risks.
• Monitor security tools and systems for signs of vulnerabilities and threats.
• Prepare and present reports on vulnerability findings and remediation efforts.
• Collaborate with IT and development teams to remediate identified vulnerabilities.
• Support incident response activities related to security vulnerabilities.
• Perform system access reviews, audits and security administration activities.
• Contribute and participate in the development of security policies, standards, operating procedures and playbooks.
• Contribute to the remediation of information security issues related to audit responses and risk management activities.
• Participate in vulnerability assessments, security audits, and penetration tests and the resolution and management of any findings.

What You Bring To The Team 

• 1-2 years in information security
• Formal Security accreditations (CYSA+, Security+)
• Working towards (CISSP, CISM)
• General knowledge and awareness with security incident investigations, system hardening, vulnerability management and security assessments
• General knowledge and awareness with SIEM's and SOC
• General knowledge and awareness with security tools and technology (e.g. forensics, PAM, DNS, DKIM, DMARC, firewalls, IDS/IPS, WAF, encryption, network zoning, endpoint protection, email protection, DLP, CASB, NAC)
• General knowledge and awareness with incident, change and problem management procedures.
• General knowledge and awareness with application security tools and technology (e.g. secure coding, code analysis, OWASP)
• General knowledge and awareness with information security governance frameworks (e.g. CIS, NIST, ISO)
• Familiar with risk management and risk discipline methodologies
• General knowledge and awareness with security tools (e.g. SIEM, IDS/IPS, NAC, AV, DLP, EDR, WAF, email security, web technology security, application security)
• General knowledge and awareness with of networking security (e.g. firewalls, TCP, SSL/TLS, SSO, MFA, hardening, CIS)
• General knowledge and awareness with enterprise server platforms, virtualized technology and cloud operations
• SIEM technology
• MDR, MSSP or SOC Services
• General knowledge and awareness with security technologies & protocols (e.g. IDS, IPS, NAC, DLP, EDR, WAF, CASB, AES, WPA2)
• General knowledge and awareness with network security protocols (e.g TCP, SSL, TLS, IPSec, VPN, Kerberos)
• Basic coding or script abilities
• General knowledge and awareness with enterprise network and server platforms, virtualized technology and cloud operations
• General knowledge and awareness with application security best practices (e.g. OWASP, secure coding)
• Scripting knowledge in Powershell, Bash, Python, PowerShell are an asset
• Programming knowledge in SQL, Excel Power Query are an asset
• A degree or diploma in a relevant area of study with preference for information & cyber security or computer science/engineering.
• Working towards or certified in CISSP, CISM or similar certifications

If this sounds like you and you are looking to be a part of one of Canada's largest independent mortgage finance companies, then we want to hear from you

Be A Part Of Something Great

MCAP
is Canada's largest independent Mortgage
Finance company with
over $150 billion in assets under management providing mortgage solutions for
residential and commercial properties. For over 35 years,
MCAP originates, trades, securitizes and services mortgages in offices across
Canada. MCAP originates residential mortgages exclusively through the mortgage
broker channel as we believe that a professional mortgage broker is a
consumer's best option and MCAP actively promotes the services of mortgage
brokers across the country. MCAP is also a leader in the Canadian residential
construction lending market with over 25 years in the business. Our teams of
dedicated professionals serve a variety of developer, construction and lender
clients across Canada.

Position #: req2105

Employment Status: Permanent Full Time

Location: Waterloo; Ontario

Number Of Openings: 1

Department: Information Technology

Internal Job Title: Junior Security Engineer

The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position.  It is not designated to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

MCAP provides equal opportunities for all applicants and is committed to fostering an inclusive, accessible environment, where all employees feel valued, respected and supported throughout the recruitment and employment process. If you require accommodation, we will work with you to meet your needs.