Security Analyst (Cyber Security)

Important messages

Please take the time to review the various types of positions that encompass our IT Security Operations Center as indicated under Asset Qualifications. This will give you an idea of the diversity of what people do for each of these teams.

Are you a Royal Canadian Mounted Police civilian member assigned to Shared Services Canada (SSC)? We encourage you to apply! Please note that a civilian member selected for appointment through this process may not have to convert to public servant status before deeming. Contact the Shared Services Canada Human Resources Service Desk at for more information.

We encourage applicants to identify any skills, competencies and/or experiences you have acquired through your employment with the Canadian Armed Forces (CAF), if applicable.

At Shared Services Canada we are working to change the landscape of IT for the Government of Canada. We look forward to working with you in the coming years and will support your career while you support our business. Therefore, we encourage you to be a part of our team for at least 2 to 3 years to ensure business continuity.

Candidates will be contacted by email following the initial screening phase to submit their asset package.

Work environment

Are you looking for an exciting career opportunity in IT Security where you can make a difference working in an environment that encourages innovative thinking and gives you the opportunity to be part of a dynamic team? There are numerous types of positions that fall under the Security Operation Center team that is part of the Cyber and IT Security Branch of Shared Services Canada.

Most positions are currently located in the National Capital Region. The nature of our work is either secret or top secret and must be completed in our secured facilities in Ottawa, Ontario or Gatineau, Quebec. Virtual work may be a possibility for some positions.

At SSC your job will matter. We are working hard to change the landscape of information technology for the Government of Canada. We are modernizing, securing, and supporting critical IT programs and services for Canadians. We are looking for dedicated employees that want to make a difference and that will be part of our exciting journey for years to come.

If you are an individual who wants a rewarding career with an innovative organization, we need you. If you are dedicated, creative, and motivated, we need you. If you are eager to provide modern shared services that improve government service delivery to Canadians, we need you.

We look forward to working with you in the coming years and will support your career while you support our business. We encourage you to be a part of our team for at least two to three years to ensure business continuity.

We are especially in need of people who excel in the following areas
- Computer science or engineering
- Information technology
- Information management
- Cyber intelligence
- IT Security

Intent of the process

A pool will be established and may be used to staff multiple positions within Shared Services Canada. The pool may also be used for similar positions with different tenures and linguistic profiles.

Positions to be filled: 20

Information you must provide

Your résumé.

A covering letter in 9,999 words (maximum) "---> CANDIDATES ARE TO USE EACH OF THE ESSENTIAL QUALIFICATIONS (EDUCATION AND EXPERIENCE) AS HEADERS AND PROVIDE CONCRETE EXAMPLES OF HOW EACH IS MET. FAILING TO DO SO COULD RESULT IN YOUR APPLICATION BEING REJECTED."

You must meet all essential qualifications in order to be appointed to the position. Other qualifications may be a deciding factor in choosing the person to be appointed. Some essential and other qualifications will be assessed through your application. It is your responsibility to provide appropriate examples that illustrate how you meet each qualification. Failing to do so could result in your application being rejected.

The following will be applied / assessed at a later date (essential for the job)

Various language requirements
• English Essential
• English or French essential
• Bilingual Imperative BBB/BBB
• Bilingual Imperative CBC/CBC

Information on language requirements

EDUCATION:
Successful completion of two years of an acceptable post-secondary educational program in computer science, information technology, information management or another specialty relevant to the position to be staffed.

NOTE:
At the manager’s discretion, an acceptable combination of education, training and/or experience may serve as an alternative to the minimum post-secondary education stated above. Whenever the minimum education is met using this alternative, it is met for the specific position only and must be re-assessed for other positions for which this alternative has been specified by the manager.

Degree equivalency

EXPERIENCE:

1 - Experience creating technical and/or business reports and other documents.

2 - Experience in one or more of the following (specify all that apply):

A) Experience protecting IT infrastructure which may include monitoring for, and responding to cyber security events and incidents affecting IT infrastructures, applications and data; including investigating and identifying recommendations for mitigations to these incidents using a variety of cyber security tools such as SIEM, IDS/IPS, Firewall, Antivirus, Web Proxy/gateways, VPN, vulnerability assessment tools etc. in a coordinated approach with a multi-disciplinary team.

B) Experience performing analysis and design of IT solutions based on requirements and/or specifications (database administration, scripting), and development of IT solutions for service delivery to internal clients;

C) Experience supporting the development of performance measurement and reporting frameworks.

ABILITIES:

1 - Ability to work effectively in a team-oriented and stressful environment with multiple and changing priorities.
2 - Ability to communicate effectively orally
3 - Ability to communicate effectively in writing.

PERSONAL SUITABILITY:

1 - Initiative
2 - Judgment
3 - Adaptability
4 - Dependability

The following may be applied / assessed at a later date (may be needed for the job)

ASSET EXPERIENCE:
** Candidates will be contacted by email at a later date (following the initial screening phase) to submit their asset package **

COMMON FOR ALL STREAMS :
1 - Experience conducting technical research and analysis in multiple areas of IT, and providing written technical advice, including recommendations, to various audiences.
2 - Experience working in an IT environment involving a variety of platforms, operating systems, environments, database technologies and/or messaging technologies.

STREAM A - CYBER DEVELOPER (Cyber Security)
As a Cyber Developer, you will play a key role in supporting the design and development of solutions to support various cyber defence initiatives for the SSC Security Operations Center.

Activities include:
• Designing, developing, testing, implementing and maintaining application systems and participating in quality assurance activities.
• Producing programming specifications and write new or modify existing code.
• Producing technical documentation.
• Working with various SMEs to ensure that development objectives are aligned with business requirements.

This opportunity is ideally suited to someone who is passionate about developing software designed to address emerging topics in the field of cyber defence and who brings with them new and innovative ideas.

Minimum of one year combined experience programming within the last 7 years in the following:
1. Experience in either C/C++ or Python (2.7 or 3.x) with an emphasis on Microsoft Windows development
2. Experience testing/debugging code
3. Experience using a professional development environment such as Visual Studio, PyDev or Eclipse
4. Experience using version control systems such as Git or SVN
5. Experience interfacing with relational databases such as MS SQL, MySQL, Oracle

STREAM B - CYBER SECURITY THREAT ANALYST
As a Cyber Security Threat Analyst, you will play a key role in operating and developing solutions to support development of cyber threat intelligence, SIEM Use case and parsing and performing data quality activities for the SSC Security Operations Center.
This opportunity is ideally suited to someone who is passionate about the field of cyber security and who brings with them new and innovative ideas.

1. Experience supporting and using security information and event management (SIEM) in a large organization, across multiple security boundaries
2. Experience protecting critical assets against various cyber threats by applying event lifecycle and Kill-Chain techniques
3. Experience utilizing big data and working with technologies such as: Kafka, Event Broker, Kubernetes, and Docker
4. Experience in the prevention, detection and response to cyber intrusions and other unauthorized or malicious activity.
5. Experience identifying, investigating and escalating potential issues affecting the security posture of the organization.
6. Experience using scripting languages.
7. Experience monitoring security events received through the Security Incident and Event Management (SIEM) or other security tools and performing in-depth analysis of log files.
8. Experience manipulating security events data to extract relevant cyber threat information
9. Experience managing a cyber threat platform for a large organization.

STREAM C - SECURITY ANALYST GC-CIRT/OPERATIONAL COORDINATION AND INTELLIGENCE (OCI)
As a Security Analyst, you will participate in coordinating and assist with the management of IT security incidents within the GC. You will also play a key role in assessing and analyzing technical information for use in threat intelligence documentation and for recommendations associated with IT security incidents and events.

Activities include:
• Assist in the coordination of IT security incidents and events affecting departments and agencies in the GC.
• Participate in assessing vulnerability/threat impacts and make recommendations within the GC context.
• Review and assess incident/event details to be used in the determination of impact and trending with the GC.
• Draft technical documentation associated with incident/event information.
• Work with various SMEs and external partners in the reporting and resolution of IT security incidents and events.
• Assist with the analysis of incident/event information and draw conclusions leading to recommendations and/or lessons learned.
• Synthesize technical information for the production of threat intelligence sharing documentation for the GC

1. Experience working with Canadian Government IT Security related standards and policies.
2. Experience conducting technical research and analysis of cyber threats and IT security incidents
3. Experience analyzing confidential information and reports in the Cyber and IT Security Domain
4. Experience performing data analytics in a security context
5. Experience writing technical analysis papers and reports
6. Experience performing Cyber Intelligence, data analytics and/or strategic tradecraft analysis in the context of a Cyber Security program or service.
7. Experience conducting technical research and analysis of cyber threats/vulnerabilities and IT security incidents.

STREAM D - SECURITY ANALYST - CYBER MONITORING DETECTION AND RESPONSE
As a Security Analyst, you will participate in monitoring, coordinating and responding to IT security incidents within the GC. You will play a key role in assessing and analyzing technical information in order to respond to security incidents and events. You will also participate in proposal of mitigation measures and provide assistance to other group within SSC or the GC in resolving security incidents, events or investigations.

1. Minimum of 3 years experience in the field of IT
2. Experience supporting enterprise systems and/or security appliances.
3. Experience troubleshooting, conducting analysis and research in the field of IT infrastructure or IT security
4. Experience coordinating work in a multi-disciplinary environment

STREAM E - SECURITY ANALYST - DIGITAL FORENSIC INCIDENT RESPONSE TEAM
As a Security Analyst for the Digital Forensic Incident Response Team you will play a key role in conducting digital forensic investigations for the Government of Canada.

Activities include:
• Travelling locally or abroad to collect digital evidence
• Conduct chain of custody/preservation of evidence in a variety of situations
• Assist in forensic investigation and perform forensic analysis of various artifacts
• Assist other teams in the mitigation of incidents

1. Experience conducting technical research and analysis in an IT security environment.
2. Experience in Forensic Evidence collection, preservation and documentation.
3. Experience in Forensic Analysis of artifacts from a compromised computer system in a Window and/ or Linux environment.
4. Experience determining changes to a system and perform the reconstruction of events leading to the compromise.
5. Experience in Advance Malware Analysis: Decompiling malware and combat against anti-disassembly, anti-debugging and anti-virtual machine techniques.
6. Experience in portable device forensic analysis: Blackberry, Android and Apple devices.
7. Experience writing Forensic Analysis Report.

STREAM F - SECURITY ANALYST – VULNERABILITY MANAGEMENT SERVICES
The Vulnerability Management Services (VMS) team is seeking IT Security Analysts to be part of the growing Security Operations Centre (SOC) in SSC’s Cyber and IT Security Branch. We are focused on expanding and improving our the current services and require experienced and motivated individuals to do so. This individual(s) will be asked to be part of an operations team that will be:
• Developing vulnerability management strategies and methodologies
• Developing the technical solutions and processes
• Performing vulnerability assessments (VA’s) and penetration testings
• Analysing and evaluating VA results and recommending remediation actions
• Providing VA support to projects and SSC partners
• Performing on-going regular VA’s
• Working closely with our security partners on an ongoing basis.
• Enhancing and maturing VMS services and processes

1. Experience working and/or supporting in a large size enterprise and/or Government of Canada IT infrastructure or Application support.
2. Experience working in IT security related environment of a variety of platforms, operating systems, environments or database technologies.

STREAM G - SECURITY ANALYST– CYBER INTELLIGENCE, ANALYTICS & REPORTING
As a Security Analyst, you will play a key role assisting in designing and developing solutions and reports to support various cyber defence initiatives for the SSC Security Operations Center.

Activities include:
• Designing, developing, testing, implementing and maintaining application systems and participating in quality assurance activities.
• Producing programming specifications and write new or modify existing code.
• Producing technical documentation and business reports.
• Working with various SMEs to ensure that development objectives are aligned with business requirements.

This opportunity is ideally suited to someone who is passionate about developing software designed to address reporting in the field of cyber defence and who brings with them new and innovative ideas.

1. Experience in the field of IT.
2. Experience doing analytics to quantify performance and formulating recommendations based on analytics to management.
3. Experience performing a secretariat function for working groups or committees.
4. Recent experience researching and organizing data and information to prepare informational documentation (such as a whitepaper, concept of operations, etc.) on an IT Security related topic.
5. Experience in database administration and/or scripting to interface data sources, reporting tools and databases.

STREAM H - SECURITY ANALYST – EMAIL SECURITY
As a Security Analyst, you will participate in monitoring, coordinating and responding to IT security incidents involving Enterprise Email within the GC. You will play a key role in assessing and analyzing technical information in order to respond to security incidents and events. You will also participate in proposal of mitigation measures and provide assistance to other group within SSC or the GC in resolving security incidents, events or investigations.

1. Experience supporting enterprise messaging architecture and/or systems and/or security appliances
2. Experience using command line tools (i.e. powershell).
3. Experience troubleshooting, conducting analysis and research in the field of IT infrastructure or IT security
4. Experience documenting IT systems, issues and processes
5. Experience coordinating work in a multi-disciplinary environment

STREAM I - SECURITY ANALYST – ADMINISTRATIVE INVESTIGATIONS
As a Security Analyst, you will participate in the coordination of administrative investigations of SSC and other GC departments and agencies, providing advices to Departmental Security Officers and Access to Information and Privacy Offices, validating “authority to operate”, extracting data evidences or engaging SSC service lines when necessary, processing data when necessary, and transferring data in a forensically sound manner; all while ensuring confidentiality of each cases and respecting the “need-to-know principle”.

1. Experience coordinating administrative investigations in support of an Access To Information/Privacy Office or other formal information request, or a Departmental Security Office or similar official corporate security representative.
2. Experience using various eDiscovery search tools, techniques or procedures.
3. Experience performing keyword searches based on the specified data sets such as email, internet logs, home drive data, and phone records.
4. Experience assisting in the conduct of internal investigations such as providing internet history, SMTP logs, phone logs, implementing email filters.
5. Experience handling evidence through the chain of custody, as well as hashing.
6. Experience using command line tools (i.e. Robocopy).

ORGANIZATIONAL NEEDS:

We encourage women (especially in non-traditional occupations), Aboriginal peoples, persons with disabilities, and members of visible minority groups to apply and declare themselves as part of one or more of the above mentioned groups. Selection for some jobs may be limited to members of these groups.

Information on employment equity

OPERATIONAL REQUIREMENTS :

Depending on the position to staff, operational requirements could apply such as:
-Ability and willingness to travel
-Ability and willingness to work 24/7 On-call
-Ability and willingness to do shift work
-Ability and willingness to work flexible hours
-Ability and willingness to work virtually

Conditions of employment

Reliability Status security clearance - as a minimum or other levels of security up to Top Secret.

Note: The conditions of employment and security clearance may vary by the position being staffed.

Ability and willingness to work overtime as required.

Other information

The Public Service of Canada is committed to building a skilled, diverse workforce reflective of Canadian society. As a result, it promotes employment equity and encourages candidates to indicate voluntarily on their application if they are a woman, an Aboriginal person, a person with a disability or a member of a visible minority group.

The Public Service of Canada is also committed to developing inclusive, barrier-free selection processes and work environments. If contacted in relation to a job opportunity or testing, you should advise the Public Service Commission or the departmental official in a timely fashion of the accommodation measures which must be taken to enable you to be assessed in a fair and equitable manner. Information received relating to accommodation measures will be addressed confidentially.

Preference

Preference will be given to veterans and to Canadian citizens, in that order.

Information on the preference to veterans

We thank all those who apply. Only those selected for further consideration will be contacted.