Technical Advisor / Team Leader (Cyber Security)

Important messages

Please take the time to review the various types of positions that encompass our IT Security Operations Center as indicated under Asset Qualifications. This will give you an idea of the diversity of what people do for each of these teams.

Are you a Royal Canadian Mounted Police civilian member assigned to Shared Services Canada (SSC)? We encourage you to apply! Please note that a civilian member selected for appointment through this process may not have to convert to public servant status before deeming. Contact the Shared Services Canada Human Resources Service Desk at for more information.

We encourage applicants to identify any skills, competencies and/or experiences you have acquired through your employment with the Canadian Armed Forces (CAF), if applicable.

At Shared Services Canada we are working to change the landscape of IT for the Government of Canada. We look forward to working with you in the coming years and will support your career while you support our business. Therefore, we encourage you to be a part of our team for at least 2 to 3 years to ensure business continuity.

Candidates will be contacted by email following the initial screening phase to submit their asset package.

Work environment

Are you looking for an exciting career opportunity in IT Security where you can make a difference working in an environment that encourages innovative thinking and gives you the opportunity to be part of a dynamic team? There are numerous types of positions that fall under the Security Operation Center team that is part of the Cyber and IT Security Branch of Shared Services Canada.

Most positions are currently located in the National Capital Region. The nature of our work is either secret or top secret and must be completed in our secured facilities in Ottawa, Ontario or Gatineau, Quebec. Virtual work may be a possibility for some positions.

At SSC your job will matter. We are working hard to change the landscape of information technology for the Government of Canada. We are modernizing, securing, and supporting critical IT programs and services for Canadians. We are looking for dedicated employees that want to make a difference and that will be part of our exciting journey for years to come.

If you are an individual who wants a rewarding career with an innovative organization, we need you. If you are dedicated, creative, and motivated, we need you. If you are eager to provide modern shared services that improve government service delivery to Canadians, we need you.

We look forward to working with you in the coming years and will support your career while you support our business. We encourage you to be a part of our team for at least two to three years to ensure business continuity.

We are especially in need of people who excel in the following areas
- Computer science or engineering
- Information technology
- Information management
- Cyber intelligence
- IT Security

Intent of the process

A pool may be established and may be used to staff multiple positions within Shared Services Canada. The pool may also be used for similar positions with different tenures and linguistic profiles.

Positions to be filled: 20

Information you must provide

Your résumé.

A covering letter in 9,999 words (maximum) "---> CANDIDATES ARE TO USE EACH OF THE ESSENTIAL QUALIFICATIONS (EDUCATION AND EXPERIENCE) AS HEADERS AND PROVIDE CONCRETE EXAMPLES OF HOW EACH IS MET. FAILING TO DO SO COULD RESULT IN YOUR APPLICATION BEING REJECTED."

You must meet all essential qualifications in order to be appointed to the position. Other qualifications may be a deciding factor in choosing the person to be appointed. Some essential and other qualifications will be assessed through your application. It is your responsibility to provide appropriate examples that illustrate how you meet each qualification. Failing to do so could result in your application being rejected.

The following will be applied / assessed at a later date (essential for the job)

Various language requirements
Team Leader Positions:
• Bilingual Imperative CBC/CBC

Technical Advisor Positions:
• English Essential
• English or French essential
• Bilingual Imperative BBB/BBB
• Bilingual Imperative CBC/CBC

Information on language requirements

EDUCATION:
Successful completion of two years of an acceptable post-secondary educational program in computer science, information technology, information management or another specialty relevant to the position to be staffed.

NOTE:
At the manager’s discretion, an acceptable combination of education, training and/or experience may serve as an alternative to the minimum post-secondary education stated above. Whenever the minimum education is met using this alternative, it is met for the specific position only and must be re-assessed for other positions for which this alternative has been specified by the manager.

Degree equivalency

EXPERIENCE:

1 - Experience creating technical and/or business reports and other documents.

2- Experience in one or more of the following (specify all that apply):
A) Significant* experience protecting IT infrastructure which may include monitoring for, and responding to cyber security events and incidents affecting IT infrastructures, applications and data; including investigating and identifying recommendations for mitigations to these incidents using a variety of cyber security tools such as SIEM, IDS/IPS, Firewall, Antivirus, Web Proxy/gateways, VPN, vulnerability assessment tools, etc. in a coordinated approach with a multi-disciplinary team.
* Significant is defined as the depth and scope of experience normally acquired over a three year period in the last seven years.

B) Experience performing analysis and design of IT solutions based on requirements and/or specifications (database administration, scripting), and development of IT solutions for service delivery to internal clients;

C) Experience developing security performance measurement and reporting frameworks.

D) Experience coordinating administrative investigations in support of an Access to Information/Privacy Office or other formal information request, or a Departmental Security Office or similar official corporate security representative as well as experience in using various eDiscovery search tools, techniques or procedures.

ABILITIES:
1- Ability to work effectively in a team-oriented and stressful environment with multiple and changing priorities.
2- Ability to communicate effectively orally
3- Ability to communicate effectively in writing.

PERSONAL SUITABILITY:
1. Initiative
2. Judgment
3. Adaptability
4. Dependability

The following may be applied / assessed at a later date (may be needed for the job)

ASSET QUALIFICATIONS:
** Candidates will be contacted by email at a later date (following the initial screening phase) to submit their asset package. **

COMMON FOR ALL STREAMS:
1. Experience conducting technical research and analysis in multiple areas of IT, and providing written technical advice, including recommendations, to various audiences.
2. Experience working in an IT environment involving a variety of platforms, operating systems, environments, database technologies and/or messaging technologies.

STREAM A - CYBER DEVELOPER (Cyber Security)
As a Cyber Developer, you will play a key role in designing and developing solutions to support various cyber defence initiatives for the SSC Security Operations Center.

Activities include:
• Designing, developing, testing, implementing and maintaining application systems and participating in quality assurance activities.
• Producing programming specifications and write new or modify existing code.
• Producing technical documentation.
• Working with various SMEs to ensure that development objectives are aligned with business requirements.

This opportunity is ideally suited to someone who is passionate about developing software designed to address emerging topics in the field of cyber defence and who brings with them new and innovative ideas.

Minimum of three years combined experience programming within the last 7 years in the following:
1. Experience in either C/C++ or Python (2.7 or 3.x) with an emphasis on Microsoft Windows development
2. Experience testing/debugging code
3. Experience using a professional development environment such as Visual Studio, PyDev or Eclipse
4. Experience using version control systems such as Git or SVN
5. Experience interfacing with relational databases such as MS SQL, MySQL, Oracle

STREAM B - SENIOR CYBER SECURITY THREAT ANALYST
As a Senior Cyber Security Threat Analyst, you will play a key role in designing and leading the development of solutions to support development of cyber threat intelligence, SIEM Use case and Cyber Hunt Trade craft for the SSC Security Operations Center.

This opportunity is ideally suited to someone who is passionate about the field of cyber security and who brings with them new and innovative ideas.

Minimum of 2 years, within the last 5 years, of cyber security experience including:

1. Deploying and administering security information and event management (SIEM) for a large organization, across multiple security boundaries.
2. Protecting critical assets against various cyber threats by applying event lifecycle and Kill-Chain techniques.
3. Experience supporting big data and working with technologies such as: Kafka, Event Broker, Kubernetes, and Docker
4. Experience in the prevention, detection and response to cyber intrusions and other unauthorized or malicious activity.
5. Experience identifying, investigating and escalating potential issues affecting the security posture of the organization.
6. Experience using scripting languages.
7. Experience monitoring security events received through the Security Incident and Event Management (SIEM) or other security tools and performing in-depth analysis of log files.
8. Experience manipulating security events data to extract relevant cyber threat information
9. Experience managing a cyber threat platform for a large organization.
10. Experience interpreting and deploying Cyber Threat intelligence data/feeds.
11. Knowledge of Software Development Life Cycle (SDLC) fundamentals.
12. Knowledge of scripting languages
13. Knowledge of cyber security engineering and architecture practices
14. Knowledge of Change Management best practices

STREAM C - TECHNICAL ADVISOR GC-CIRT/OPERATIONAL COORDINATION AND INTELLIGENCE (OCI)
As a Technical Advisor, you will play a key role in coordinating and managing IT security incidents within the GC. You will also be responsible for assessing and analyzing technical information for use in threat intelligence documentation and for recommendations associated with IT security incidents and events.

Activities include:
• Coordinate IT security incidents and events affecting departments and agencies in the GC.
• Assess vulnerability/threat impact and make recommendations within the GC context.
• Review and assess incident/event details to be used in the determination of impact and trending with the GC.
• Produce technical documentation associated with incident/event information.
• Work with various SMEs and external partners in the reporting and resolution of IT security incidents and events.
• Analysis of incident/event information and draw conclusions leading to recommendations and/or lessons learned.
• Synthesize technical information for the production of threat intelligence sharing documentation for the GC

1. Experience working with Canadian Government IT Security related standards and policies.
2. Experience conducting technical research and analysis of cyber threats and IT security incidents
3. Experience analyzing confidential information and reports in the Cyber and IT Security Domain
4. Experience performing data analytics in a security context
5. Experience writing technical analysis papers and reports
6. Experience performing Cyber Intelligence, data analytics and/or strategic tradecraft analysis in the context of a Cyber Security program or service.
7. Experience conducting technical research and analysis of cyber threats/vulnerabilities and IT security incidents.

STREAM D - TECHNICAL ADVISOR - CYBER MONITORING DETECTION AND RESPONSE
As a Technical Advisor, you will play a key role in monitoring for, and responding to IT security incidents within the GC. You will also be responsible for providing assessment and recommendations of mitigations and brief your management and will have the opportunity to represent the Security Operations Centre on various IT projects initiatives at the departmental or government-wide level.
Activities Include:
• Monitor and respond to IT security incidents and events affecting departments and agencies in the GC.
• Assess vulnerability/threat impact and make recommendations within the GC context.
• Review and assess incident/event details to be used in the determination of impact and trending within the GC.
• Work with various subject matter experts and external partners in the reporting and resolution of IT security incidents and events.
• Analysis of incident/event information.
• Work as subject matter expert representing the IT security field in various departmental or government-wide projects.
• Conduct analysis and advise management on security incidents or projects.

1. Significant* and recent experience in the field of IT.
2. Significant* experience supporting enterprise systems and/or security appliances.
3. Significant and recent experience troubleshooting, conducting analysis and research in the field of IT infrastructure or IT security.
4. Experience documenting IT systems, issues and processes.
5. Experience conducting technical research and analysis of cyber threats/vulnerabilities and IT security incidents.
6. Experience with sandboxes, Malware/Anti-virus tools and processes, configuration, and/or support.
7. Experience handling and managing electronic evidence respecting chain of custody.
8. Experience in IT risk management.
* Significant is defined as the depth and scope of experience normally acquired over a three year period in the last seven years.

STREAM E - TEAM LEADER OR TECHNICAL ADVISOR - DIGITAL FORENSIC INCIDENT RESPONSE TEAM
As a Team Leader or Technical Advisor for the Digital Forensic Incident Response Team you will play a key role in conducting digital forensic investigations for the Government of Canada.

Activities include:
• Travelling locally or abroad to collect digital evidence
• Conduct chain of custody/preservation of evidence in a variety of situations
• Lead forensic investigation and perform forensic analysis of various artifacts
• Assist other teams in the mitigation of incidents

1. Experience conducting technical research and analysis in an IT security environment.
2. Experience in Forensic Evidence collection, preservation and documentation.
3. Experience in Forensic Analysis of artifacts from a compromised computer system in a Window and/ or Linux environment.
4. Experience determining changes to a system and perform the reconstruction of events leading to the compromise.
5. Experience in Advance Malware Analysis: Decompiling malware and combat against anti-disassembly, anti-debugging and anti-virtual machine techniques.
6. Experience in portable device forensic analysis: Blackberry, Android and Apple devices.
7. Experience writing Forensic Analysis Report.

STREAM F - TEAM LEADER OR TECHNICAL ADVISOR – VULNERABILITY MANAGEMENT SERVICES
As a Technical Advisor for the VMS group, you will play a key role in supporting SSC’s cyber defence posture and situational awareness to the SSC Security Operations Center.

Activities include:
• Executing vulnerability scanning and assessment activities.
• Producing technical documentation.
• Responsible for acquiring and managing credentials for scanning targets.
• Managing vulnerability performance, exclusion lists, scheduling and network throttling.
• Reporting to asset owners and partner organizations.
• Intake/onboarding/supporting project related vulnerability scanning, assessment and report generation.
• Working with stakeholders to develop remediation plans.

1. Experience doing analytics to quantify performance and formulating recommendations based on analytics to management.
2. Experience researching and organizing data and information to prepare informational documentation (such as a whitepaper, concept of operations, etc.) on an IT Security related topic.
3. Experience preparing briefing materials for senior management*.
4. Experience working with Canadian Government IT Security related standards and policies (e.g. Government Security Policy, Management of Information Technology Security (MITS) Standards, etc.).
5. Experience conducting technical research and analysis of cyber threats and IT security incidents.
6. Experience working within a Vulnerability Assessment program.
7. Experience working within various security groups as it pertains to addressing vulnerabilities and assessing impact to the security posture.
8. Experience in patch management and best practices.
9. Experience performing data analytics in a security context.
* Senior management is defined as manager (CS-04) and above.

STREAM G - TEAM LEADER OR TECHNICAL ADVISOR – CYBER INTELLIGENCE, ANALYTICS & REPORTING DUTIES
As a Technical Advisor or Team Leader, you will play a key role in designing and developing solutions and reports to support various cyber defence initiatives for the SSC Security Operations Center.

Activities include:
• Designing, developing, testing, implementing and maintaining application systems and participating in quality assurance activities.
• Producing programming specifications and write new or modify existing code.
• Producing technical documentation and business reports.
• Working with various SMEs to ensure that development objectives are aligned with business requirements.

This opportunity is ideally suited to someone who is passionate about developing software designed to address reporting in the field of cyber defence and who brings with them new and innovative ideas.

1. Experience doing analytics to quantify performance and formulating recommendations based on analytics to management.
2. Experience performing a secretariat function for working groups or committees.
3. Experience researching and organizing data and information to prepare informational documentation (such as a whitepaper, concept of operations, etc.) on an IT Security related topic.
4. Experience contributing to the development and management of an IT security program, including: security awareness, policies, standards, procedures, processes, monitoring, risk management, and activities surrounding the Certification and Accreditation (C&A) of IT infrastructure.
5. Experience preparing briefing materials for senior management (Director level or above).
6. Experience in database administration and/or scripting to interface data sources, reporting tools and databases.
7. Experience supervising and managing IT analysts.

ORGANIZATIONAL NEEDS:

We encourage women (especially in non-traditional occupations), Aboriginal peoples, persons with disabilities, and members of visible minority groups to apply and declare themselves as part of one or more of the above mentioned groups. Selection for some jobs may be limited to members of these groups.

Information on employment equity

OPERATIONAL REQUIREMENTS:

-Ability and willingness to work overtime as required.
-Ability and willingness to travel
-Ability and willingness to work 24/7 On-call
-Ability and willingness to do shift work
-Ability and willingness to work flexible hours
-Ability and willingness to work virtually

Conditions of employment

Reliability Status security clearance - as a minimum or other levels of security up to Top Secret.
Note: The conditions of employment and security clearance may vary by the position being staffed.

Ability and willingness to work overtime as required.

Other information

The Public Service of Canada is committed to building a skilled, diverse workforce reflective of Canadian society. As a result, it promotes employment equity and encourages candidates to indicate voluntarily on their application if they are a woman, an Aboriginal person, a person with a disability or a member of a visible minority group.

The Public Service of Canada is also committed to developing inclusive, barrier-free selection processes and work environments. If contacted in relation to a job opportunity or testing, you should advise the Public Service Commission or the departmental official in a timely fashion of the accommodation measures which must be taken to enable you to be assessed in a fair and equitable manner. Information received relating to accommodation measures will be addressed confidentially.

Preference

Preference will be given to veterans and to Canadian citizens, in that order.

Information on the preference to veterans

We thank all those who apply. Only those selected for further consideration will be contacted.