Highlights of the job
EPCOR is looking to hire a passionate Security Operations Specialist with Cloud to join our Information Services Security Team in a full-time permanent position!
As the Specialist, you are accountable for performing advisory services and operational support of processes and safeguards that manage risk to information and technology. You contribute to the information security framework and supporting processes, consulting with internal clients to define and implement risk and cost-aligned safeguards, monitoring and responding to security events, providing oversight and investigative services for key security processes, and achieving required outcomes within the timelines identified in the yearly plans. If this exciting opportunity sounds like a match for you, apply today!
Please note: This role may be eligible to apply for our hybrid work program.
What you'd be responsible for
- Analyzing and managing potential IS security incidents.
- Perform threat-hunting on potential IS Security Incidents.
- Providing subject matter expertise in cloud security controls, principals and best practices.in Azure.
- Monitoring security safeguards, events, and policy compliance in the cloud and on premise, making timely corrective action to resolve issues, and escalating complex concerns to the Operations Security Manager.
- Providing input to information security strategies, plans, and directions, ensuring an appropriate understanding of EPCOR Utilities Inc. and establishing relationships and heightened awareness across the organization.
- Developing and implementing deliverables within the context of the information security framework. Ensuring delivery of optimal results against appropriate performance metrics.
- Maintaining situational awareness regarding threats to EPCOR Utilities Inc. information and technology.
- Performing risk assessments, and preparing recommendations to mitigate the risks.
- Developing and implementing security standards, processes, and procedures.
- Providing technical maintenance, tuning and ongoing updates/upgrades of the security infrastructure and tools to ensure information and technology safeguards remain available and reliable.
- Performing investigative undertakings in-line with standards of the position, legal, and stakeholder directives.
- Consulting with clients and reviewing processes with a goal to improve security safeguards and processes and ensure performance targets are maintained or exceeded.
As our best candidate, you are a highly motivated, analytical individual, and enjoy examining processes, recommending improvements, and determining procedures. You have excellent written and verbal communication skills, and are able to seamlessly translate business requirements into technical design as well as articulate security risks and safeguards to all levels of the organization in an easily understood manner. Your attention to detail is exemplary, as is your determination and responsiveness to meet client needs.Â You interact and respond in a timely and effective manner to security events and end-users.
You maintain a flexible but acute business sense, and are able to work successfully both on a team and individually. Above all, you address client needs, and are able to effectively deliver tasks while maintaining a clear focus on the overall business strategy.
What's required to be successful
- A degree or technical diploma in the fields of computing science or computer systems technology (from a recognized post-secondary institute), or equivalent combination of experience and training in a related field.
- 7+ years of directly related experience.
- Accreditation in information security certification such as the ISCÂ² CISSP or SSCP; ISACA's CISM or CISA; or the SANS GIAC or equivalent.
- An understanding of security management frameworks (ISO 27001, ISO 27002, NIST (CSF), SOC1/SOC2 and Cobit) and related regulatory requirements.
- An understanding of computing infrastructure, communications, information, operational processes, and safeguards.
- A background in Linux and Windows operating systems and Networking protocols and technologies. e.g. TCP/IP, Firewalls, Routers
- Experience working with IS Operations Security Tools. e.g. Security Information Event Management, Intrusion Prevention Systems, Application Control, Web Filtering
- An understanding of security risks and impacts, including preparation of risk assessments, information security reviews and penetration tests, and development of security infrastructure design and risk appropriate security safeguard recommendations.
- An understanding of cloud computing and security.
- Experience with cloud services providers including Microsoft Azure, Amazon Web Services and Google Cloud.
- Assist in infrastructure design on premise and on the Cloud (inclusive of container security architecture, data security architecture, network security architecture, and operational security architecture)
- Experience with PaaS, IaaS and SaaS Security
- Experience working with cloud applications, infrastructure and security components.
- Experience in performing penetration testing for on premise and cloud systems to identify and detect possible weaknesses and risks and provide analysis and recommendation for remediation and mitigation.
- Strong understanding of vulnerabilities management methodologies.
- Ability to lead and coordinate in a crisis situation.
- Certified Cloud Security Professional certifications is considered an asset.
- Forensic experience or certifications is considered an asset.
- Scripting or programming knowledge is considered an asset.
- Network and Application Penetration Testing experience considered an asset.
- Experience in Application Centric Infrastructure considered an asset.
Other important facts about this job
Hours of work: 80 hours biweekly; this role participates in the after-hours on-call rotation.
Application deadline: July 10, 2022
EPCOR employees: please ensure that you are using your "@epcor.com" email address.
Learn more about Working at EPCOR!
Follow us on LinkedIn,Â Twitter, GlassdoorÂ or Facebook!
Please note the following information:
- A requirement of working for EPCOR is that you are at least 18 years of age, successfully attained a high school diploma (GED, or equivalent level of secondary education) and legally entitled to work in Canada. (A copy of a valid work permit may be required.)
- If you are considered for the position, clearance on all applicable background checks (which may include criminal, identity, educational, and/or credit) and professional reference checks is required. Some EPCOR positions require an enhanced level of background assessment, which is dictated by law. These positions require advanced criminal record checks that must also be conducted from time to time after commencement of employment.
- A technical/practical assessment may be administered during the selection process and this exercise will be used as a part of the selection criterion.
- To meet the physical demands required of some positions, candidates must be in good physical condition and willing to work in all weather conditions. Clearance on pre-placement medical and drug and alcohol testing may be required.
For more information, visit EPCOR for Security Operations Specialist (with Cloud)