Job Tittle: Information Security Engineer III

Location: Montreal, QC

MAIN RESPONSIBILITIES

Responsibilities include but are not limited to:

• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
• Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to BNP’s environment and determine appropriate mitigating controls.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon BNP’s policies and standards.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
• Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
• Review and/or escalate exception requests submitted to the VM team
• Using a risk based approach, analyze BNP’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
• Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

REQUIREMENTS

TRAINING AND OCCUPATIONAL EXPERIENCE

• B.S. in Computer Science or equivalent field
• CISSP, CISM or similar industry certification
• +5 years of experience in Vulnerability Management or related field

ESSENTIAL SPECIFIC REQUIREMENTS

• Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & elimination
• Strong knowledge of Qualys, Nexpose or Nessus including configuration and maintenance, scan execution, agent deployment and oversight
• Experience of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
• Experience Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).
• Experience of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
• Previous experience working in large-scale environments with diverse technologies is a must.
• Knowledge of scripting languages desired

SKILLS AND BEHAVIOURS

• Analytical skills
• Strategic vision
• Rigor & Accuracy
• Flexibility
• Communication skills
• Collaboration
• Self-driven
• Team player