Senior Security Analyst, Information Security

Company: First National Corporation

Location: Toronto, ON M4E 3Y1

Description:

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at [email protected] should you need an accommodation at any point in the recruitment process.

We are hiring a Senior Security Analyst, Information Security!

Reporting To:

Manager and Team Lead, Information Security

Full-Time/Part-Time:

Full-time

Posting Date:

April 11, 2025

Closing Date:

April 25, 2025

Hours of Work:

8:30 a.m. - 5:00 p.m.

Grade:

14.4

Office Location:

Toronto, ON

Great location! Steps away from the main public transit station

What we offer:

Highly competitive compensation package includes base salary, bonus, benefits, and career advancement opportunities!

*Eligibility for benefits is dependent on the terms of employment

The Opportunity:

The Senior Security Analyst shall support the Vulnerability Management practice. The candidate must be proficient in vulnerability management principles to supervise the Vulnerability Management practice with a strong focus on cloud security. The candidate shall be responsible for the identification and remediation support of any vulnerabilities pertaining to First National's IT infrastructure. Strong communication skills are required for this role to enable effective communication between various stakeholders. Problem-solving and critical thinking are also essential for this role to manage escalations and resolve conflicting priorities.

How you will contribute:

General
  • Good Program Management skills to lead, contribute, and continuously mature the Vulnerability Management program.
  • Non-business facing role but an ability to build strong relationships with internal teams and security leadership is essential.
  • Engage with a team of Information Security professionals, and mentor and coach other security team members to provide guidance and expertise in their growth.
  • Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve processes.
  • Stay updated on emerging threats to cloud infrastructure.
  • Collaborate with infrastructure teams to design and implement secure cloud configurations and best practices.
  • Review and assess the security posture of IT solutions by emphasizing platform security controls.
  • Assist in evaluating, selecting, onboarding, and managing vendors, solutions, and consultants, as applicable.
  • Perform security assessments on new and existing IT solutions and report security gaps and relevant and adequate remediation actions.
  • Review security tools and threat trends and lead security analysis efforts to identify threats and vulnerabilities to the organization's IT infrastructure.
  • Actively participate in the Change Management process to review and approve changes from an infrastructure perspective.
  • Participate in security incident response activities.

Vulnerability Management
    • Govern vulnerability assessment projects and support penetration testing and vulnerability remediation efforts.
    • Develop and implement automation solutions to streamline vulnerability detection, remediation, and reporting.
    • Oversee patch management activities by maintaining compliance with First National security standards and customer security mandates.
    • Analyze security threats to cloud infrastructure and recommend appropriate mitigation strategies.
    • Identify, prioritize, and remediate vulnerabilities in cloud infrastructure, applications, and services.
    • Monitor and analyze cloud security posture using company CSPM tools.
    • Provide actionable insights to leadership and stakeholders to improve cloud security posture.
    • Track and report KPIs for vulnerability management.
    • Lead projects by leveraging suggestions and insights from External Attack Surface Management platforms to drive security enhancements and remediate applicable risks.
    • Coordinate periodic external and internal penetration testing and supervise the remediation tracking.
    • Review issues identified in external/third-party penetration tests and track them to closure.
    • Coordinate with IT Application and Infrastructure teams to coach, mentor, and assist them during vulnerability remediation activities.
    • Prepare periodic reports for IT and Infosec Executive Management to showcase the current security posture of the Vulnerability Management Program.
    • Ensure coverage of all IT assets by including them in the vulnerability management program scope and then reconciling it with the IT asset inventory.
    • Spearhead the secure configuration audits to ensure IT assets (On-Prem and Cloud) are hardened as per industry benchmarks before their deployment.
    • Supervise the periodic certificate scanning and coordinate with relevant stakeholders to address security issues.
    • Stay current on new and emerging threats by leveraging threat intel and analyzing their applicability to the company's IT environment.

Compliance
    • Perform periodic firewall rule base reviews and guide the team with remediation of the findings.
    • Support the Information Security Department to provide adequate evidence to support the audit and provide responses for remediations.
    • Provide guidance and supervision on Information Security compliance to ensure Security controls are functioning appropriately within the organization.

Security Assessments / Architecture Review / Threat Modeling
    • Support in performing security reviews on new and existing systems from an infrastructure/ platform/ environment perspective and report on any deviation from the company's security standards and industry best practices.
    • Support in performing periodic threat modeling and maintaining the model for currency and tracking of any risk remediation activities.
    • Assess information technology control elements to mitigate IT security risks regarding the confidentiality, integrity, and availability of information and assets.

The experience you need:

    • 5+ years of recent operational security experience
    • Experience with several of the following topics:
      • Software vulnerabilities & exploitation
      • Vulnerability Assessments
      • Penetration Testing


Educational Skills and Attributes:
  • Post-secondary education, university education, and technical certifications are required.
  • Must have a working knowledge of:
    • Vulnerability Assessment and Penetration testing
    • Networking fundamentals
    • Cloud security fundamentals related to Azure.
    • Security tools such as Nessus, Nexpose, Qualys, Nmap, Kali Linux, etc.
    • MS Defender suite of products
  • Good to have knowledge of
    • Threat modeling
    • Application Security, OWASP, etc.
    • Familiarity with threat hunting and Incident Response
    • Security technologies (Firewalls, SIEM, etc.)
    • Familiarity with PowerBI
    • Support security incident investigation efforts by sharing evidence from available tools.
    • Support in analysis of Indicators of Compromise (IoC) by analyzing data from available tools.
  • Certifications and Skills
    • Good to have
      • Certified Ethical Hacker (CEH)
      • Certified Information Systems Security Professional (CISSP)
      • CompTIA Security+
      • OSCP
      • Azure Fundamentals (AZ-900)
    • Excellent verbal communication skills
    • Outstanding written skills for preparing reports and briefings.
    • Excellent analytical and problem-solving skills


Working Environment and Physical Demands Analysis:

  • Office environment
  • Periods of high volume with tight timelines
  • Long periods of stationary position/sitting
  • Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
  • Long periods of time viewing a computer screen
  • Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.


Why join First National?

  • Competitive Compensation
  • Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
  • Hybrid working environment.
  • Extensive training programs to set our employees up for success
  • Modern office environment conducive to collaboration
  • Supportive teamwork culture
  • Opportunities to give back to the communities and work through events focused on a variety of charities
  • Ongoing social events throughout the year


The team you'll join:

Founded in 1988, First National is one of Canada's largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada's largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applicants for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.

Other details
  • Job Family IT (.4)
  • Pay Type Salary

