Maplesoft Group is currently seeking an IT Security Design Specialist (Level 3) for our Federal Government client.

Tasks and Responsibilities include, but are not limited to the following:

• Attend meetings with Technical Authority, delegates and clients to discuss security requirements, objectives and strategies
• Review, analyze, and apply appropriate security architecture, methods and frameworks
• Meet with Business Owners to analyze, document and define requirements associated with new development or maintenance and enhancements to existing applications, platforms, roles and permissions.
• Review alignment to the principals of Security By Design by ensuring the security architecture components are embedded in the project architecture
• Translate relevant security control and business requirements into industry-best practices applied to the cybersecurity framework.
• Determine acceptable risk levels for the department and ensure the IT environments are adequately protected from potential threats.
• Assist in research, development, communication, maintaining and working with operational units on the enforcement of IT security architecture, policies, procedures, solutions and standards.
• Review, analyze, and apply best practices and standards related to the concept of network zoning
• Provide services in the development and implementation of the appropriate and effective controls to mitigate identified threats and risks to meet client security control requirements.
• Provide guidance on and gather evidence that demonstrates compliance with security control profiles
• Review completed work with teams to ensure security requirements are fully implemented.
• Participate in incident response planning as well as the investigation of security breaches, and assist with the collecting of evidence as necessary
• Demonstrate an in-depth understanding of application vulnerabilities and apply application and operating system hardening techniques for Windows and Linux systems
• Proactively implement security measures and controls while weighing the consequences of any action.
• Review the Inclusion of acceptable cryptographic techniques and algorithms
• Configure and support security tools such as anti-virus software and patch management systems, firewalls, switches, routers, gateways and intrusion detection and prevention systems
• Work with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrate overall compliance through the providing of appropriate evidence.
• Prepare technical reports such as requirement analysis, options analysis, technical architecture documents and risk modeling
• Prepare tailored IT Security alerts and advisories from open and closed sources
• Complete tasks directly supporting the departmental IT Security and Cyber Protection Program
• Conduct meetings and provide advice in meaningful ways intended to train and empower employees to protect systems.
• Develop and deliver training material relevant to building and securing applications, platforms and data
• Conduct oral presentations and briefings to senior management.

Requirements:
1) Must demonstrate, within the last five (5) years, a minimum of three (3) years of experience providing security advice and guidance for solutions that leveraged at least one of the following security control profiles in a Public Cloud environment:
• Government of Canada Protected B Medium Integrity Medium Availability (PBMM)
• Federal Risk and Authorization Management Program (FEDRAMP) Moderate or High Level
• ISO 27001, ISO 27017, ISO 27018
• NIST SP 800-53

2) Must hold two current valid professional certifications from any of the following:
• Certified Information Systems Security Professional (CISSP);
• Certified Information Security Manager (CISM);
• Certified Information Systems Auditor (CISA);
• Information Security Management (ISO/IEC);
• Certified in Risk and Information Systems Control (CRISC);
• Certified Cyber Forensics Professional (CCFP);
• Systems Security Certified Professional (SSCP);
• Information Systems Security Architecture Professional (ISSAP);
• CAP (Certification and Accreditation Professional);
• SSCP (Systems Security Certified Practitioner);
• GIAC (Global Information Assurance Certification);
• SABSA Chartered Security Architect Foundation (SCF) or higher;
• Systems Security Certified Practitioner (SSCP);
• Sherwood Applied Business Security Architecture (SABSA); or
• Certificate of Cloud Security Knowledge (CCSK).

A copy of the certifications must be provided.

3) Must hold a valid secret security clearance.



Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people.  Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.

Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors. 

All employment decisions are made based on business needs, job requirements, and individual qualifications. 

We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.

We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.