Information Security Engineer

GCT is the largest terminal operator and maritime employer in the country.  We are the major entry point for international trade in Canada, totaling over $2 billion in economic output each year.  Operating on the West Coast for over a hundred years, with the support of our people, we played a major role in the development of the Asia Pacific Gateway. 

We offer rewarding opportunities for team-oriented individuals who thrive in a fast-paced environment that are accountable, innovative, and driven to achieve challenging goals.  We have an opportunity for an Engineer, Information Security within our IT architecture team at our head office location in Vancouver, BC.  

This position works with GCT resources to help assess, plan, scope, design and monitor cyber security processes and solutions. The position provides extra resources and expertise to assist the GCT IT team in implementing, operating and maintaining cyber security processes and solutions. This is a hands-on role that occasionally requires the candidate to engage in operational tasks independently.

Key Responsibilities

The ideal candidate will have hands on experience with the design, deployment and ongoing maintenance of Information Security Infrastructure and services including:

• Assisting in developing, implementing and maintaining Information Security Management System (ISMS).
• Monitoring of key GCT systems (EDR, IPS, SIEM, Firewalls etc.) to detect abnormalities.
• Monitoring of external vendor and industry sources to guide internal risk mitigation actions.
• Investigation, detection, containment, resolution of observed or reported abnormalities to corporate standards (as required).
• Carrying out regular scheduled activities, such as dormant account review, phishing tests, internal and external vulnerability scans. Ensuring appropriate action is taken on findings.
• Collaborating with GCT IT / third party system administrators to ensure that risk appropriate actions are taken in accordance with corporate policies (Patching, access control etic).
• Conducting requested risk and privacy assessments to internal and external information systems as requested.
• Assuring compliance to required federal and corporate standards, procedures, guidelines and processes.
• Participating in required audits related to cyber security and compliance.

Requirements

Education & Experience:

A university degree or college diploma in cyber security (or related subject such as computer science with an equivalent combination of cyber security training).  5 - 7 years’ experience working in the cyber security sector with strong focus on designing, implementing and maintaining cyber security solutions in IT systems, information and operational technology across a wide range of platforms.   

The successful applicant will be proficient at managing simultaneous projects, milestones, and tasks of varying scope and priority as they ensure customer satisfaction is maintained.

Other requirements include:

• Strong communication skills, both written and verbal, must be comfortable, friendly, and eloquent when presenting complex concepts in a suitable way to both business and technical audiences at all levels within GCT. 
• Demonstrated analytical and investigative skills.
• Knowledge of emerging security trends, threats and practices.
• Knowledge of security and control frameworks such as NIST, COBIT, ISO 27002, ITIL.
• Effectively collaborating with team members to achieve optimal outcomes. 
• Demonstrated experience in the practical implementation and maintenance of security systems
• Current valid Canadian driving license (travel between sites in lower mainland may be required)

The ideal candidate will have in-depth and current experience with the design and deployment of Information Security Infrastructure, the delivery of Infrastructure Security Services, and Enterprise Infrastructure such as: 

• Identity, Federation and Access Management technologies.
• Switching and routing platforms and architectures.
• Cloud based M365 email and business systems
• Next Generation Firewalls, SIEM, IPS, EDR and MFA.
• Vulnerability and network testing platforms.
• Defining security policy and process.
• Ethical Hacking and Penetration Testing.
• Forensics analysis related to Intrusion investigations.
• Delivery of Security Awareness, Training and Education programs.
• Physical Data Centers, device setup and management.
• On and off prem. utilization of cloud-based technologies.
• Operating Systems (Windows workstation and server & Linux).
• Web Servers (both commercial and Open Source based).
• Virtualization technologies (VMWare, KVM or alternates).
• Application development frameworks.
• Modern Programming and Scripting languages (PowerShell, bash, Java, VBA, .net, JavaScript, Python).
• Relational Databases, and other structured data models (Oracle and SQL server).
• Securing OT and communication systems (PLC, SCADA, GPS, Radio data systems – cellular and Wi-Fi).
• Security Policy definition and maintenance.
• Application security system best practices.

Salary Band