Senior Security Platform Engineer (Security Visibility)
City : North York
Category : Full-time
Industry : Finance
Employer : Sun Life Financial
Vous êtes unique, comme le sont votre parcours, votre expérience et votre façon de voir les choses. Ici, on vous encourage et on vous motive à donner le meilleur de vous-même, et on vous donne les moyens de le faire. Vous travaillerez avec des collègues dynamiques – experts dans leur domaine – qui sont impatients de partager leurs connaissances avec vous. Vous aurez des gestionnaires inspirants qui vous aideront à développer votre potentiel et à atteindre de nouveaux sommets. Chaque jour, vous aurez de nouvelles occasions de rendre la vie de nos Clients plus radieuse – ils sont au cœur de tout ce que nous faisons. Découvrez comment vous pouvez faire une différence dans la vie des gens, des familles, des collectivités – ici et partout dans le monde.
Description de poste:
About the role:
The Senior Security Platform Engineer (Security Visibility) is responsible for effectively planning, designing, implementing, and monitoring security technologies and projects that support Sun Life’s security policies and procedures. Your primary responsibilities will be Supporting in Scope Platform and Products and developing use case scenarios, enhancing the security of Sun Life’s corporate and production systems. You will work closely with Enterprise Infrastructure, IT operations, Enterprise Architecture, and application development teams to identify risks to the business and lead security solutions to protect customer and financial information.
The successful candidate must be able to interpret complex information, adapt as needed and have a deep understanding of security risks, data impact and controls to help mitigate the risk and provide countermeasures.
A Senior Security Platform Engineer is a leader who is expected to participate fully in the planning of the work and to seek opportunities for process improvement. The successful candidate is strong in multiple Information Security domains and is expected to lead the efforts to solve complex security problems.
What will you do:
- Deploy and manage one or more security platforms and tools: Perimeter, Endpoints, Crypto, Cloud, Email Security, and Security Visibility:
- Email and Anti Malware Security Technologies
- Cloud platforms security (CNAPP)
- Intrusion Detection/Prevention System
- Endpoint Security Solutions (Netskope, CrowdStrike, Semperis)
- Web Application Firewalls (WAF)
- Cryptography, Certificate and Key Management (Hashicorp, Venafi, ISG)
- Security Visibility (SIEM)
- Analyze information systems utilizing various cybersecurity techniques and lead security initiatives and enterprise level projects implementing security solutions and performing POC/POV for new technologies.
- Able to work independently with high degree of ambiguity and deliver expected outcomes, be focused on the end deliverables, and build trust with internal clients and peers.
- Responsible to deploy, support and maintain new and existing security technologies that are deployed within Sun Life and owned and supported by the team.
- Implement risk driven security controls and provide SME (Subject Matter Expertise) during Audit.
- Investigate and respond to security incidents, adhering to defined SLA’s. Participate in teams 24x7 on-call support and be required to join major incident management calls to provide support and consultation.
- Identify risks to the business and recommend strategies to address those risks.
- Manage the capacity and resiliency of security systems protecting Sun Life’s internal and client data.
- Collaborate and build trust with security peers, vendors, and other Sun Life teams to enhance security posture and best practices.
- A change catalyst for Digital transformation, using JIRA, Confluence, estimating stories, setting definition of done, completing and tracking story updates and assignments.
- Smoothly transition and operationalize projects and products. This includes developing roles & responsibilities (RACI), completing product documentation and educating the teams who will be performing BAU (Business as usual) the day-to-day work.
- Document, update and maintain cyber security playbooks, policies and knowledge base articles used to support the established Incident Management and CSIRT processes.
- Continuously improve operational and security platform processes.
What you need to succeed:
- An Information Technology University degree/college diploma in related discipline(s) or equivalent work experience.
- Minimum 5-7 years Information security and engineering experience with enterprise level security technologies in the one or more areas of: Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, and Automation and Orchestration.
- Minimum 3 year experience in successfully leading global information security projects.
- Preferred: Certification(s) in data network engineering and/or security: CCNP/CCNP-Security, CCSP, CISSP, GIAC-GCIA, GIAC-GCED, CompTIA, or equivalent security certification.
- Experience in managing 3rd party security service providers in delivering security services.
- Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering.
- Knowledge of a broad range of security controls and risk management frameworks NIST & (ISO) 2700x standards.
- Experience with end-point detection and response, intrusion detection, certificate management, email security and web content filtering technologies.
- Experience designing secure networks and endpoint systems.
- Experience planning, researching, and developing security policies, standards, and procedures.
- Experience in a system administration role supporting multiple platforms and applications.
- Experience with Windows and Linux based operating systems.
- Experience in deploying enterprise level technology via managed projects using Scrum and Kanban methodologies.
- Knowledge of networking technologies, firewalls, web application firewalls and intrusion detection and prevention systems.
- Knowledge of AWS cloud technologies.
- Knowledge of disaster recovery, technologies, and methods.
- Strong oral and written communicator with the ability to communicate security technical issues to peers and management.
Individual skills:
- Problem Solving – Identifies and resolves problems in a timely manner; Gather and analyzes information skillfully; Develops alternative solutions. Exceptional troubleshooting skills.
- Analytical – Synthesizes complex or diverse information; collects and researches data.
- Critical Thinking – Uses logic and reasoning to identify alternative solutions/approaches to problems.
- Technical Skills – Pursues training and development opportunities; Shares expertise with others; Sound knowledge of security technologies for both Cloud and On Premise.
- Strong leadership and teamwork skills - Motivates others to perform well; effectively influences actions of others; accepts feedback from others.
- Ability to communicate complex approach to various stakeholders resulting in successful outcomes.
- Ability to communicate effectively with senior management and user community, both written and oral.
- Pragmatic understanding of security problems, as a mix of technology and process issues, with the ability to pursue solutions at both layers within the organization.
Additional skills:
- Proven experience in Data Centre Routing and Switching Technologies – Layer 2 (VLANs, Rapid PVST, SPAN), Firewalls, Layer 3 (OSPF, BGP, MPLS) are a must.
- Proven experience with Infrastructure Visibility related technologies – SIEM, IDS/NDR, Threat simulation tools.
- Strong practical knowledge of AWS and Microsoft Azure cloud technologies and services.
- Extensive knowledge of Information Security principles, protocols, practices, and industry standards
- Solid understanding of existing and emerging Information Security technologies.
- Self- Starter, strategic thinker in maturing deployed security technologies to ensure full capabilities are explored to meet enterprise security requirements.
- Strong hands-on technical skills in both security risks and implementing solutions.
- Strong investigative mindset with acute attention to detail, sense of ownership, urgency, and drive.
L’échelle du salaire de base est pour l’emplacement principal du poste affiché. Elle peut varier selon l’emplacement du candidat sélectionné et d’autres facteurs. En plus du salaire de base, les employés admissibles de la Financière Sun Life participent à différents programmes de rémunération incitative, dont le montant octroyé est discrétionnaire et dépend du rendement de l’employé et de la compagnie. Certains postes de vente participent à des programmes de rémunération incitative basés sur les résultats de vente individuels ou de groupe.
Depuis toujours, la diversité et l'intégration sont au cœur des valeurs de la Financière Sun Life. Nous croyons qu'un effectif diversifié ayant des points de vue variés et des idées créatives est avantageux pour nos clients, pour les collectivités où nous exerçons nos activités, ainsi que pour nous tous, en tant que collègues. Nous accueillons avec enthousiasme les candidatures de personnes compétentes provenant de tous les horizons.
Les personnes handicapées ayant besoin de mesures d'adaptation pour présenter leur candidature et celles qui doivent consulter les offres d'emploi sur un support de substitution peuvent envoyer leur demande par courriel à l'adresse ‘thebrightside@sunlife.com’.
À la Sun Life, nous voulons créer un environnement de travail flexible où nos employés sont outillés pour donner le meilleur d’eux-mêmes. Nous offrons plusieurs options de travail flexibles selon les exigences du poste et les besoins individuels. N’hésitez pas à en discuter pendant le processus de sélection.
Nous remercions tous les candidats de l'intérêt manifesté pour ce poste. Nous ne communiquerons qu'avec les personnes qui auront été retenues pour passer une entrevue.
Échelle salariale:
82,000/82 000 - 135,000/135 000Catégorie d'emploi:
Services technologiques - TIFin de l'affichage:
26/09/2024