Security Assessor

ADGA is looking to hire a Senior Security Assessor to work with our client who is leading an initiative to improve its business agility and performance by adopting a cloud and onpremises DevOps agile software development and by providing developers with stateoftheart tools and suitable environments at Protected B confidentiality Medium integrity and Medium availability (PBMM) security level. The initiative will not only provide employees a modern and flexible workplace environment but also will increase the cloud collaboration with other Government of Canada (CoC) Departments at Protected B Medium Integrity Medium Availability (PBMM) security level.

The Senior Security Assessors role is to assess the collected evidence provided in the SRTM to imply if the evidence is met not met or partially met and to prepare and present the assessment report to IT Security Risk Management Unit.

The Senior Security Assessor will be mainly involved in the Security Assessment and Authorization (SA&A) at PBMM security level for several cloud and on premises systems and services implementations including but not limited to:

1. Site to Site VPN and/or Express Route between onpremises network and MS Azure Cloud
2. Point to Site VPN between mobile devices and MS Azure Cloud
3. Desktop as a Service MS Azure Virtual Desktop (AVD)
4. Cloud and onpremises end to end DevOps tools including but not limited to: MS Azure DevOps JFrog GitLab Jenkins
5. Automated and Secure Data Transfer Pipeline between MS Azure Cloud and onpremises environments (ASDTP)
6. Secure Data Pump
7. Atlassian products Jira and Confluence
8. Containers and Kubernetes
9. Mobile devices Laptops and Androids
10. Onpremises workstation
11. MS Sentinel
12. MS Defender for Cloud and DevOps
13. MS Intune
14. MS Office 365

In addition to the main task listed above The Senior Security Assessor will be expected to:

1. Perform other SA&A Activities such as: Security Categorisation Concepts of Operations Security Reviews Threat and Risk Assessments and/or Authorisation letters.
2. Create and review IT Security policy procedures and guidelines.
3. Provide IT Security expertise to the IT Security group and various project teams for any deliverables involving security concepts.
4. Prepare and submit various deliverables as detailed below. These deliverables tasks and/or activities as well as their schedule content and format will be identified and further detailed in Task Authorizations.
5. Collaborate closely with the Technical Authority and/or other branches members and/or project team members and/or partners to perform the required deliverables of the contract.
6. Work on one or more deliverables under the direction of the Technical Authority.
7. Work as part of teams in a collaborative respectful and productive environment.

Qualifications :

The Senior Security Assessor must meet the following requirements:

• A minimum of 7 years of experience in Information Security and/or Information Technology Security.
• Must hold one or more Information Systems Security Professional certifications including Cloud Certifications (e.g. Microsoft Certified Azure Security Engineer Associate Certificate of Cloud Security Knowledge (CCSK) GIAC Cloud Security Automation (GCSA) CISSP CISA GIAC.
• Must have an Undergraduate University Degree (IT related such as Computer Engineering Computer Science and Information Systems) from a recognized educational institute.

• Extensive practical knowledge of each of the following GoC IT Security Publications:

  • Policy on Government Security;
  • ITSG33: IT Security Risk Management: A Lifecycle Approach;
  • TBS Government of Canada Cloud Security Risk Management Approach and Procedures;
  • TBS Government of Canada Considerations for the Use of Cryptography in Commercial Cloud Services
  • CSE Guidance on cloud security assessment and authorization;
  • CCCS Guidance on the security categorization of cloudbased services
     
• Extensive experience with the following:
  • Security policy and standards development;
  • IT Security requirements development (functional and technical requirements);
  • IT Security processes including IT security audit and oversight for compliance with policies and technical requirements.
  • Security Categorisation;
  • IT Threat / Risk Assessments;
  • Concepts of Operations;
  • System Certifications & Accreditations and/or System Assessments & Authorizations.
     
• Extensive experience with a combination of the following:

  • Ground to cloud connectivity (Site to Site VPN and/or Express Route)

  •  Point to Site VPN

  • Desktop as a Service MS Azure Virtual Desktop (AVD)

  • DevOps tools including but not limited to: MS Azure DevOps JFrog GitLab Jenkins

  • Cross domain technologies (from unclassified/protected systems to classified systems)

  • Atlassian products Jira and Confluence

  • Containers and Kubernetes

  • Mobile devices Laptops and Androids configuration

  • Windows 10 and 11 devices

  • MS Sentinel

  • MS Defender for Cloud and DevOps

  • MS Intune

  • MS Office 365 (Teams SharePoint OneDrive)

  • MS Exchange Online

  • MS Azure Active Directory (AAD)

• 5 years of experience in Information Technology and/or Information Technology Security in a Top Secret security environment.

Additional Information :

WorkLife Balance  

We strongly support a healthy and productive worklife balance. This starts with a flexible approach to work and policies designed to support employees through their daytoday routines and major life events. For example we offer a Maternity/Parental TopUp (up to 52 weeks) and a Reservist Leave TopUp (up to 180 days). 

ADGA continuously strives to integrate advanced Diversity Equity & Inclusion (DEI) approaches and practices into our work culture. Our employeebased DEI Committee explores activities and invites discussions that foster an environment where all employees feel valued respected and heard.

Compensation  

Above and beyond our commitment to offer a competitive base salary ADGA has a companywide profitsharing plan for all fulltime and parttime employees.

Comprehensive Benefits and Total Rewards  

We offer a comprehensive benefit program providing employees with the choice between base or enhanced plans. Depending on the plan ADGA pays for Health & Dental a Health Spending Account ShortTerm Disability an Employee Assistance Program and a Telemedicine service. Also offered: discounts on gym memberships 5000 perks through Perkoplis a Deferred Profit Sharing Plan and access to a wide range of other employeecentric services and savings programs.

Remote Work :

No

Employment Type :

Parttime