Key skills
AWSCloudCyber SecurityFirewallsLinuxJiraConfluenceScrumKanbanRisk ManagementPenetration Testing
About this role
Role Overview
- Deploy, administer, and continuously enhance Mandiant Security Validation (MSV) within the Security Visibility program, including onboarding/updating adversary emulation content, scheduling and tuning validation runs, integrating results with detection/response processes, and producing actionable reporting/metrics to drive control and detection improvements.
- Analyze information systems utilizing various cybersecurity techniques and lead security initiatives and enterprise level projects implementing security solutions and performing POC/POV for new technologies.
- Able to work independently with high degree of ambiguity and deliver expected outcomes, be focused on the end deliverables, and build trust with internal clients and peers.
- Responsible to deploy, support and maintain new and existing security technologies that are deployed within Sun Life and owned and supported by the team.
- Implement risk driven security controls and provide SME (Subject Matter Expertise) during Audit.
- Investigate and respond to security incidents, adhering to defined SLA’s..
- Identify risks to the business and recommend strategies to address those risks.
- Manage the capacity and resiliency of security systems protecting Sun Life’s internal and client data.
- Collaborate and build trust with security peers, vendors, and other Sun Life teams to enhance security posture and best practices.
- A change catalyst for Digital transformation, using JIRA, Confluence, estimating stories, setting definition of done, completing and tracking story updates and assignments.
- Smoothly transition and operationalize projects and products. This includes developing roles & responsibilities (RACI), completing product documentation and educating the teams who will be performing BAU (Business as usual) the day-to-day work.
- Document, update and maintain cyber security playbooks, policies and knowledge base articles used to support the established Incident Management and CSIRT processes.
- Continuously improve operational and security platform processes.
Requirements
- Minimum 5-7 years Information security and engineering experience with enterprise level security technologies in the one or more areas of: Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, and Automation and Orchestration
- Minimum 3-year experience in successfully leading global information security projects.
- Previous security related experience in penetration testing, security investigations, or red team exercises
- Experience with security control validation (e.g., MSV), including MITRE ATT&CK mapping, translating findings into detection/control improvements, and communicating outcomes using clear reporting and metrics.
- An Information Technology University degree/college diploma in related discipline(s) or equivalent work experience
- Experience with security validation / breach-and-attack simulation platforms (e.g., Mandiant Security Validation (MSV)), including adversary emulation and using results to improve control effectiveness and detection coverage.
- Experience in managing 3rd party security service providers in delivering security services.
- Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering
- Knowledge of a broad range of security controls and risk management frameworks NIST & (ISO) 2700x standards
- Experience planning, researching, and developing security policies, standards, and procedures.
- Experience in a system administration role supporting multiple platforms and applications.
- Experience with Windows and Linux based operating systems.
- Experience in deploying enterprise level technology via managed projects using Scrum and Kanban methodologies.
- Knowledge of networking technologies, firewalls, web application firewalls and intrusion detection and prevention systems.
- Knowledge of AWS cloud technologies.
- Knowledge of disaster recovery, technologies, and methods.
- Extensive knowledge of Information Security principles, protocols, practices, and industry standards
Tech Stack
- AWS
- Cloud
- Cyber Security
- Firewalls
- Linux
Benefits
- Wellness programs that support the three pillars of your health – mental, physical, and financial
- The opportunity to move along a variety of career paths with amazing networking potential.