MatchBox Consulting Group is currently seeking an IT Security Analyst, DevOps for a permanent position. This role will work out of the clients downtown Vancouver office. This is a hybrid position 3 days in office and 2 days remote.

What you'll do:

The IT Security Analyst, DevOps will focus on application and DevOps security and play a critical role in ensuring the security and integrity of in-house developed applications, infrastructure, data, and systems. This position involves monitoring, analyzing, and responding to security incidents, conducting vulnerability assessments of applications, and ensuring compliance with regulatory and organizational standards. The IT Security Analyst, DevOps will collaborate with various departments to implement security measures and enhance the organization's overall cybersecurity posture.

Key Responsibilities and Accountabilities:

Security Integration in DevOps Pipelines:

• Implement security best practices within continuous integration/continuous delivery (CI/CD) pipelines
• Automate security testing using Static Application Security Testing, Dynamic Application Security Testing, and Software Composition Analysis (SAST, DAST, SCA) in development workflow
• Ensure Infrastructure as Code (IaC) follows security guidelines

Security Monitoring and Incident Response:

• Investigate and respond to security incidents in DevOps and cloud environments
• Collaborate with security operations teams to detect, analyze, and mitigate threats
• Conduct post-incident analysis and recommend security improvements
• Utilize the organization’s security stack, including Veracode and Sysdig to proactively manage application security risks and threats

Risk Assessment and Management:

• Perform regular vulnerability scans and assessments to identify and remediate security risks
• Analyze risks and provide actionable recommendations to mitigate vulnerabilities
• Leverage tools such as Veracode, Edgescan for SAST and DAST vulnerability scans to ensure application security
• Work with various tools to perform Software Composition Analysis (SCA), registry & container security scans
• Assist in the development and maintenance of risk management frameworks

Compliance and Governance:

• Work with Manager, IT Security, Risk & Compliance to update Corporate Risk Register with identified application vulnerabilities and remediation actions
• Track and monitor the progress of security remediation initiatives. Ensure IT security practices align with regulatory requirements, the National Institute of Standards and Technology (NIST) and organizational policies
• Support audits and assessments related to IT security and compliance
• Maintain accurate and up-to-date documentation of IT security policies and procedures

Collaboration and Reporting:

• Collaborates with various divisions and teams to ensure secure configuration of systems and applications
• Assist in the evaluation and implementation of new security tools and technologies
• Prepare and deliver security reports and updates as required

Additional Responsibilities:

• Conduct security awareness training for employees using KnowBe4 as needed
• Perform infrastructure vulnerability assessments and generate reports for stakeholders
• Conduct user account and vendor security audits
• Support other IT security initiatives and duties as required

Education and Experience:

• Diploma or bachelor's degree in computer science
• Strong understanding of IT security principles, practices, and tools
• Hands-on experience with security testing techniques such as SAST, DAST & application penetration testing
• Familiarity with tools such as Veracode (SAST & DAST) and Sysdig (SCA, Container Scanning), Imperva, Cloudflare, CloudWatch, Cloudtrail
• 5+ years of cybersecurity experience, including 3 years in DevOps Security and 2 years in IT Security preferred

A certification in one or more of the following is desirable:

• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Cloud Security Automation Ec-Council Certification
• DevSecOps certification from AWS, Microsoft

Knowledge, Skills, and Abilities:

• Strong interpersonal, problem-solving, and conflict-resolution skills are important for success in this role
• Demonstrated ability to multitask while maintaining attention to detail
• Excellent oral and written communication skills with the ability to engage and collaborate with employees across multiple departments, presenting a friendly, approachable demeanor to leverage security to help others succeed
• Working experience in the following areas: application security, vulnerability management, threat modelling, penetration testing, web and network protocols, and encryption technologies
• Practical and operational experience with cyber security services and tools such as Veracode, Sysdig, Cloudflare, Imperva, AWS Security Services, Azure Security Services, etc.
• Knowledge and understanding of various information security frameworks such as OWASP, SANS, NIST, CSF etc.
• Working knowledge and hardening skills on information technologies including Linux, Windows, MySQL, MSSQL, IBM DB2, etc.
• Working knowledge and hardening skills on Cloud technologies including Amazon Web Services (AWS) and Azure

For more current job opportunities, Follow MatchBox at linkedin.com/company/matchbox-recruitment/

_________________________

About MatchBox

Headquartered in downtown Vancouver and serving clients nationally, MatchBox is one of the leading recruitment and solutions firms that specializes in the fields of IT & Technology, Engineering & Technical, Real Estate & Construction, and Accounting & Finance. We offer unrivaled expertise with our team's extensive experience in the recruitment and professional services industry. We are dedicated to building great connections and creating strong opportunities within the workforce and the labor market.

Equal Opportunities

MatchBox is committed to providing equal opportunities for all applicants. We welcome and encourage applications from people of all backgrounds, including members of minority groups such as racialized individuals, people with disabilities, LGBTQ+ individuals, and Indigenous peoples. It is a priority for us that all candidates are treated fairly and without discrimination. Our recruitment teams receive ongoing training on using objective criteria for evaluating candidates and other related topics to create an inclusive and welcoming environment for all.

Work Permits

Please note that we require all interested candidates to obtain the necessary work permits from the Government of Canada prior to submitting an application. This position is open exclusively to individuals residing in Canada and legally authorized to work in Canada. Applications not meeting these criteria will not be considered.

Further Consideration

We receive a high volume of applications and are only able to contact candidates who are selected for further consideration.

Find out more at www.matchboxhr.com