SANS ISC: InfoSec Jobs - SANS Internet Storm Center InfoSec Jobs

This listing has expired and therefore is not publicly viewable.

Senior Information Security Specialist
Company: Atlantic Lottery Corporation
Location: Canada, Atlantic Region
Preferred GIAC Certifications: GPEN, GWAPT
Travel: 5%
Salary: Not provided
Contact Name: Anonymous
Contact Email: saliskor/at/
Expires: 2022-05-15

Job Description

Atlantic Lottery (AL) is a leader in Atlantic Canada's gaming and entertainment industry. Today they are more committed than ever to accelerating their transformation into a next-generation digital gaming experience company. To ensure sustainable growth and continued prosperity for the Atlantic Provinces, they are laser-focused on broadening and diversifying their player base to remain relevant and competitive, enabled through a focus on modern player-centric experiences across existing and new products and platforms.

We're on a mission to ensure that all our players have fun, dream big and play responsibly, one player experience at a time, and we're looking for team members who share that same passion. Our culture is built on a shared commitment to do what's right for our customers, our people, and our communities.

Atlantic Lottery is seeking a Senior Information Security Specialist. Location is flexible within Atlantic Canada with occasional travel to Moncton, NB.

As our Senior Information Security Specialist, you are accountable for designing and developing AL's vulnerability management program, which manages the vulnerabilities in AL's infrastructure, applications and networks. The program will provide continuous vulnerability assessment and penetration testing of AL applications, computer systems and networks. You will lead the Vulnerability Assessment Review Board (VARB) that reports on AL's risk posture to the Executive, which ensures identified vulnerabilities are addressed to maintain AL's security posture.

What you'll do

Responsibilities
Perform hands-on security testing of applications, networks and infrastructure.
Identify and group systems into logical testing groups with assigned levels of risk and recommended testing schedules.
Develop and maintain a system to actively monitor AL systems for vulnerabilities, review and report on findings.
Conduct full-scope vulnerability assessment and penetration testing.
Interface with our vendors, internal IT department and executives, to conduct threat-informed risk assessments, full-scope penetration tests including physical, network, RF and social engineering elements and provide reports.
Lead and conduct penetration testing and vulnerability assessments of systems/networks while actively defeating various security technologies.
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
Develop scope and requirements for the engagement of 3rd party assessment vendors for both vulnerability assessment and penetration testing as part of an overall structured program.
Develop and lead the VARB with regular meetings including vendors to review current vulnerabilities and develop action plans.
Provide professional penetration testing, vulnerability services and advice.
Manage vendor/IT accountabilities for identified vulnerability remediation.
Define and lead outsourced contractors for contracted assessments and the deliverables.
What you'll need

Qualifications
What we can expect from you:

You have extensive technical computer/network knowledge and understanding of computer hardware, software, networks, communications and connectivity
You are proficient with using scan/attack/assess tools and techniques, including proficiency in at least one of the following frameworks: Metasploit, Core Impact, Immunity Canvas
You are proficient at conducting full-scope assessments and penetration tests including social engineering, server and client-side attacks, protocol subversion, physical access restrictions, web application exploitation
You are proficient at configuring, running, validating and contextualizing the findings of vulnerability discovery tools such as Nessus, Burp Suite, Web Inspect, SAINT, NeXpose, Retina, Nipper.
You have an understanding of and experience with either executing or defending against complex, targeted cyber threats to high-value systems and data
Strong listening, communication, and collaboration skills.
Ability to understand complex infrastructure designs.
Excellent research ability and up-to-date knowledge of security trends and attacks.
Networking - Can read complex logical and physical networking diagrams
Infrastructure - Understands infrastructure diagrams and components like SAN, Physical Servers and virtual servers.
Applications - Understands application design, middleware and types of coding used to create the applications.
Ability to explain technology risks, including XSS, CSRF and injection attacks introduced by application vulnerabilities, to a system's Business Owner.
Ability to quickly adapt to changing priorities and demands.
Excellent knowledge of information security processes, response procedures, and various attack methods used for information theft or network intrusion.
Knows how to use penetration testing and vulnerability assessment methodologies and can build the program based on this knowledge, which is attained from the SANS GIAC Certified Penetration Testing.
Ability to understand vendor contracts and the accompanying Service Level Agreements related to patching and vulnerability remediation.
Ability to manage multiple stakeholders internally and externally to achieve results for the program.
Understanding of potential issues (political, influence) internally and within vendor organizations in order to provide solutions.
You should apply if you have the following:

7+ yrs. of experience in a security position including vulnerability assessments and penetration testing.
A university degree in Computer Information Systems, Computer Science or equivalent experience.
Experienced and proficient at exploiting vulnerabilities in computer systems, networks and applications.
Possess a GPEN and/or GWAPT certification.
Experience with the NIST Risk Management Framework
Experience with OSSTMM 3, NIST SP800-15, Penetration Testing Framework