Career Opportunities
Cygnos I.T. Security is a recognized leader in the field of information technology security and training. We are focused, committed and motivated to turn our expertise and experience into high-value, trusted business solutions. Our shared respect, integrity and enthusiasm are central to our success both as a company and as individuals.
As part of the Cygnos team you'll work with an organization producing the highest quality solutions through the strengths, capabilities and initiative of our resources.
At Cygnos we're always looking for highly motivated resources who demonstrate initiative and maturity in the performance of their responsibilities and in their day-to-day business interactions. Cygnos is interested in meeting positive, productive people to contribute to the growth of their respective teams and the company as a whole.
Interested in joining a dynamic team? Send us your resume in confidence to the attention of Cygnos Human Resources at hr@cygnos.com.
Cygnos is regularly looking for qualified candidates in the following categories.
Intermediate Vulnerability and Web Application Assessment Security Analyst
The successful candidate will provide consulting services to a wide range of public and private sector clients, with a focus on performing vulnerability assessments, and assessing the security of web applications. Engagements will include: Network level vulnerability assessments, enterprise-wide security audits, eCommerce application security assessments, architecture, and engineering. Effective writing skills are fundamental to this position.
Qualifications
- 3-5 years of progressive work experience in performing IT Security work, including technical vulnerability assessments
- Experience in conducting web application security assessments on both MS Windows and UNIX platforms
- Solid background in eCommerce technologies, and web application development
- Solid experience in security technologies including firewalls, IDS systems, Security Event Management systems
- Solid experience in network architecture design, implementation and maintenance, in particular as pertaining to security requirements
- Ability to advise and make security recommendations based on sound principles and proven methodologies
- Ideally, Information Systems Security certification such as CISSP, CISA or CISM a definite asset.
- A good understanding of security standards, protocols and technologies available for the UNIX, Windows 2000/2003 and web-based environments
- Familiarity with GoC organizations, policies, and standards
- Highly organized, analytical, detail and action oriented.
- Strong planning, facilitation, communication, negotiation and interpersonal skills.
- Ideally, a University Degree/Diploma in Computer Science, or Engineering.
- Ideally Secret Security Level II clearance.
Qualified candidates will be required to submit samples of work demonstrating past experience, writing and presentation skills.
Applications Security Analyst:
The position requires the ability to read and understand different programming languages such as Java, C++, Visual Basic, etc. An understanding of Web servers and backend databases such as Oracle, MS SQL and Sybase is also required. The Application Security Analyst is able to define coding rules that fit with other Security Policies in an organization as well as include generic coding rules not always followed by programmers. They review existing code for vulnerabilities such as buffer overflows and backdoors, and review overall security structure and user rights at the application, database and server levels. The Analyst has the added responsibility of detailing and documenting findings in an audit-like manner so that problem areas that have been revealed also show how they should be fixed. Best practices in coding, etc. that are found within an organization are also documented and encouraged to be incorporated in standards as status quo.
Business Continuity Planning (BRP - BCP) Engineer:
The overall responsibility of the BRP-BCP Engineer is to advise clients on planning for recovery from accidental business outages due to serious failure of services at the IT infrastructure level. An understanding of multiple backup software packages, methodologies, the development life cycle, testing and daily procedures is part of the responsibility set. The BRP engineer will facilitate the creation of disaster recovery plans and must take into account overall organizational policies in order to give order to the recovery process and ensure key facilities are accessible within defined time frames. The planning of offsite facilities is also often included in the overall process.
Human Resources (HR) Security:
HR security involves people. Although many large organizations have independent security checks done on their employees (e.g. Enhanced Security, Secret Security in Government), an understanding of what this means to an organization is sometimes lacking. HR Security personnel are not only able to review individuals to see if they meet certain organizational requirements from a security angle, but they must also be able to enter an organization and document what level of security is required by certain areas or personnel within the organization. HR Security people look at applications and, more importantly, the data the applications use. They can then document the level of security required based on data content and overall organizational policies.
Forensics Specialist:
The forensic specialist will assist organizations in investigating computer crime and other suspicious computer activity. Our forensic specialists are technologically competent and trained on handling computer evidence and communicating their findings in an efficient and effective manner. Forensics includes items such as:
- The recovery of information from digital resources including RAM, hard drives, tapes
- Investigation and analysis of system, security and application logs
- Understanding of cutting edge hacker methodologies, exploits and tools
- Evidence handling and chain of custody procedures
- Interviewing personnel and reviewing organizational procedures and policies to see if all items have been adhered to
- Excellent writing and communication skills and ability to present findings in a report, which may be used in a court of law
Information Technology Security (ITS) Penetration Testing and Vulnerability Specialists:
A
Vulnerability Assessment Specialist identifies security
weaknesses and strengths of the client's systems and
networks as they appear to outsiders as well as internal
users operating within the client's security perimeter. The
goal is to demonstrate the existence or absence of known
vulnerabilities that could be exploited by authorized
internal users, or external hackers alike.
Information Technology Security (ITS) Policy Analyst:
The Policy analyst must have the ability to read and interpret existing policy as well as create new policy or recommend changes to policy. The analyst must understand the impact of policy on both the business and technology sides of an organization. Many times policy can create a domino effect where one small change can ripple and topple other existing standards. Therefore policy must be somehow tested to ensure its application works and that its potential side effects, if any, are understood and accounted for. Aspects that should be considered in Policy are Service Level Agreements (SLAs), ROI and BRP-BCP. Policy should also reflect Threat and Risk.
Information Technology Security (ITS) Project Manager:
The ITS
PM needs to have a sound understanding of Security in
general. They must understand the complexities of security
and its effects on work performance and loads. Although a
detailed knowledge of all security areas would be
beneficial, the ITS PM is more of a generalist and has the
ability to organize these functional areas and people into a
single cohesive system. Creating workshops, attending
meetings and other common PM duties are also part of the ITS
PM’s responsibilities.
Intrusion Detection System (IDS) Architect:
An Intrusion Detection System Architect is capable of advising on and designing Intrusion Detection System capability within the framework of clients’ security policies. An understanding of multiple IDS systems, their functionality and how they each would fit into an organization's existing security infrastructure is always required. Both Network and Host systems are used, and therefore the significance of both, their interoperation and their operation/impact on the entire system must be understood. The number of alerts created by IDS can be huge. The ability to set baselines, filters and cross references on alerts, between systems, to reduce their number is paramount.
Physical Security Specialist:
Physical security reviews the house that systems reside in: whether biometrics are required for access, whether wires in ceilings, code locks on doors, etc. are needed, and where such security hardware is placed. Redundancy in systems is also of importance, as well as breakdowns of intrusion scenarios so that ‘next steps’ and ‘preventative steps’ are documented and understood.
PKI Specialist:
An understanding of PKI at a highly detailed level is required. The use of keys, types of keys, methodologies and configuration of systems using PKI must be understood. Software, such as Entrust, must be in the specialist's repertoire of tools. How it is used and how it impacts applications, mail, etc. must not only be clearly understood, but the specialist must also be able to make others aware of the use of PKI, its implications and overall administration and maintenance. Trust relationships are key to PKI, and the specialist must also be able to create matrices of requirements that can and will aid in the adoption of partners.
Security Analyst / Architect:
The Security analyst/architect is not unlike the ITS PM. The difference is that the organizational ability is at a technology detail level. Knowledge of all security areas is required, coupled with the ability to map security policy requirements down to technological security solutions. An understanding of the inter-relationships between security areas is also required. The analyst/architect is like a puzzle master. They must be able to understand all facets of each security domain and piece them together so they fit seamlessly and work together as a single cohesive system.
Security Product / R&D Specialist:
A security product analyst performs in-depth analysis of emerging security products and protocols. The objective is to assist clients in choosing and deploying the product that is best suited to their security and is capable of integrating with it.
Security Trainer / Security Instructors:
Security trainers/instructors may not only be required to teach technical security aspects from IDS to PKI but must also be able to interpret the benefits of these systems and their necessities to the general workforce of an organization. This ability in the instructor will benefit the organization since the ‘message’ of security can be delivered to all within an organization. This further benefits the organization since awareness is a key element in an overall security posture.
Intermediate Risk Analyst
Position Overview
The successful candidate will provide consulting services to a wide range of public and private sector clients, with a focus on IT Security and Risk Management. As a risk analyst, engagements will include: Threat/Risk Assessments, Privacy Impact Assessments, Compliance Audits, Policy Development, Governance Reviews, and Training.
Qualifications
- 3-5 years of progressive work experience in audit and IT Security risk management
- Extensive knowledge of information security standards such as ISO 17799 and information system audit frameworks such as COBIT.
- Extensive knowledge of Government of Canada standards including MITS, GSP, MG and ITSG series standards on Certification & Accreditation, Risk Assessments, Privacy Assessments, and Security Controls.
- Experience in conducting Threat/Risk Assessments according to the RCMP or CSE Methodologies
- Experience in conducting Privacy Impact Assessments according to the Treasury Board Secretariat guidelines
- Experience in conducting gap analyses against GSP, MITS, and other standards and policies
- Familiarity with GoC organizations
- A good understanding of security standards, protocols and technologies available for the UNIX, Windows 2000/2003 and web-based environments
- Experience in developing and testing contingency and business resumption plans.
- Highly organized, analytical, detail and action oriented.
- Strong planning, facilitation, communication, negotiation and interpersonal skills.
- Ideally, Information Systems Security certification such as CISSP, CISA or CISM a definite asset.
- Ideally, a University Degree/Diploma in Computer Science, Business or Engineering.
- Ideally Secret Security clearance.