Security Specialist – Senior

Job title:

Security Specialist – Senior

Company

Cleo Consulting

Job description

Assignment: RQ00261 – Security Specialist – SeniorRequisition: RQ00261Job Title: Security Specialist – SeniorClient: Ontario HealthStart Date: 2025-04-14End Date: 2026-03-31Department: Digital Excellence in HealthOffice Location: 525 University Ave., TorontoBusiness Days: 251.00Location: Remote – All work must be conducted in Canada unless otherwise agreed to by Ontario Health.Public Sector Experience: RequiredMust Haves:

• 5+ years’ experience and strong knowledge with Cloud computing concepts. Microsoft Azure and Amazon AWS PaaS knowledge and experience is highly preferred.
• 5+ years’ experience and knowledge of application security architectures and the purpose of privacy and security controls (e.g. token based authentication and authorization such as OIDC, SAML and OAUTH).
• 5+ years’ experience building and automating security testing.
• 5+ years’ experience and knowledge and understanding of networking, network security and cryptographic algorithms.
• 5+ years’ experience with Threat Modeling.
• Strong communication skills.

DescriptionBackground Information:

• The Central Waitlist Management (FY25-26) initiative aims to digitally enable stakeholders at a provincial, regional and hospital level. Applying a user first approach, requirements will be developed throughout the duration of the initiative.

Desired Skills:

• Bachelor’s in computer science or equivalent work experience.
• 5+ years in IT solutions security role.
• Security code review experience.
• Offensive security experience: red team, penetration testing.
• Certified Azure Security Engineer is an asset.
• CCSP and CISSP Certifications are an asset.

Evaluation Criteria: 100 Points

• Minimum 5 years’ experience as an IT solutions security specialist in Canada, preferably in Ontario – 20 points
• Knowledge and experience with cloud computing architecture and security – 20 points
• Knowledge and experience in threat modeling and vulnerability assessment for architectures and applications – 20 points
• Experience working in the health care industry, specifically in health care IT – 20 points
• Knowledgeable of PHIPA and privacy legislation and how it applies to healthcare IT solutions. – 10 points
• Experience dealing in a complex multi private/public stakeholder environment – 10 points

Deliverables

• Include, but are not limited to:
• Assist with designing product and service security controls.
• Collaborate with engineering teams to perform threat modeling for the proposed architecture.
• Research security vulnerabilities in current architecture and communicate mitigation strategies to impacted teams.
• Engage with engineering teams to perform security reviews of the architecture, design, and code throughout the SDLC process.
• Work with product architects to provide remediation and potential fixes for security issues found from pen tests, static (SAST) and dynamic (DAST) analysis and provide fix recommendations, ensure that findings are addressed.
• Perform ongoing security posture assessments using commercial or native tools to identify and track remediation of cyber risk in cloud environments.
• Contributing security-focused feedback to engineers during all phases of the development lifecycle.
• Report to management and key stakeholders on the product security status.
• Additional Terms
• Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.

Assignment Type:

• This position is currently listed as “Hybrid”. The resource under this request will be required to work onsite as per Hiring Manager sole discretion. All work must be conducted in Canada unless otherwise agreed to by Ontario Health.

Expected salary

Location

Canada

Job date

Tue, 25 Mar 2025 23:27:41 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (hiring-jobs.com) you saw this job posting.