Cybersecurity Analyst I, Applications - Jobs in Vancouver, BC

Job Description

Staff - Non UnionJob CategoryM&P - AAPSJob ProfileAAPS Salaried - Information Systems and Technology, Level CJob TitleCybersecurity Analyst I, ApplicationsDepartmentOCIO | Solutions Security & ArchitectureCompensation Range$5,906.25 - $8,508.42 CAD MonthlyThe Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.Posting End DateNovember 14, 2022Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.Job End DateApr 30, 2023Job Description SummaryThe Cybersecurity Analyst I, Applications contributes to the design, implementation, configuration and ongoing management of application vulnerability scanning and notification solutions based on business, security, and privacy needs. This position monitors and responds to threats and vulnerabilities by alerting application owners and escalating validated critical or high risk items to management. They are also responsible for the ongoing administration, development, and maintenance of the Cybersecurity internal communications web platform.A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. This position may be required to participate in an on-call rotation schedule.Organizational StatusReports to the Senior Manager, Solutions Security and Architecture. Works independently and jointly within the Solutions Security and Architecture team. Collaborates with management and staff from all sections of the Chief Information Security Officer portfolio, Information Technology, other administrative and academic offices, and faculty to coordinate application support. Interacts directly with other University technology professionals.Work PerformedSpecific duties:

• Gathers information from application and system owners to assist in application and application platform vulnerability and threat risk analysis.
• Implements, administers, and supports web application vulnerability scanning tools.
• Consults with users to determine their cybersecurity needs, analyzes and reviews existing security solutions features and requirements.
• Works directly with application and system owners to perform web application vulnerability scans, including performing pre-scan risk assessments to determine suitability for same.
• Reports on vulnerabilities in web applications for system owners and administrators, provides recommendations for mitigation, and may assist with mitigation where necessary.
• Manages and maintains ongoing Cybersecurity-initiated web application vulnerability scans against high-risk and/or high-value targets.
• Works with web application firewall administrators to define and test web application firewall rules to mitigate identified vulnerabilities.
• Manages, develops, maintains, and keeps secure the Cybersecurity internal communications web platform.
• Monitors external threat and vulnerability feeds to identify new vulnerabilities directly applicable to applications and application platforms in use by the University.
• Provides timely detection, identification, and alerting of possible web application vulnerabilities.
• Implements and supports host-based web-specific security solutions to secure web hosting environments.
• Notifies designated managers of new or suspected critical or high risk vulnerabilities in enterprise systems.

Core duties:

• Consults with users to determine their cybersecurity needs, analyzes and reviews existing security solutions features and requirements.
• Contributes to the research, design, development, and implementation of new or enhanced cybersecurity solutions to meet current and future needs.
• Contributes to reviews of current support processes and methods of service delivery in order to improve security and customer experience.
• Conducts testing to ensure solutions meet specifications.
• May work directly with application owners and developers to patch vulnerabilities in applications and systems.
• Documents functions and changes to new or modified solutions, tests activities/results, error handling and backup/recovery procedures.
• Collaborates with peers/team members to identify, analyze, recommend and implement changes that will improve the security and privacy of existing information systems.
• Assists with educating members of the UBC community on established web application security best practices.
• Maintains inventory of web applications, supporting systems, and implemented threat and vulnerability mitigation solutions.
• Contributes to the analysis and review of functional requirements, system features, integration requirements, security requirements, and scalability and performance requirements. Provides input to technology recommendations for new and changing application protection requirements.
• Investigates and remains current with industry technology trends in the Web Application Security field such as: web application firewalls, web application vulnerability scanners, web application development, web applications middleware, etc.
• Assists in integrating newly developed or procured supplied solutions with existing cybersecurity infrastructure and solutions through standard interfaces and protocols.
• Develops, maintains, and integrates specialized security tools and scripts to automate and improve processes, monitor services, extract and convert data.
• Develops expertise in the functionality of vendor product(s). Works directly with the vendor s technical support centre in order to resolve product issues.
• Provides ongoing maintenance and operational support for cybersecurity solutions.
• Develops and maintains technical documentation, including operational procedures and guides, architectural diagrams, data flow diagrams and knowledge base articles.
• Contributes articles and technical reference guides to established cybersecurity communication channels for widespread IT consumption.
• Follows appropriate source control and change management methodologies and best practices.
• Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity techniques and tools.
• Participates in project planning and implementation.
• Builds and maintains good working relationships and collaborates with others to achieve cybersecurity and business objectives.
• Assists with educating members of the UBC community on UBC Information Security Standards.
• Performs other related duties as required.

Consequence of Error/JudgementEffective application security is essential for UBC to deliver secure services to the broad UBC community. Decisions and actions taken by the incumbent will have a direct impact on how secure UBC systems are from attackers, how available they are to the community, and a secondary impact on how UBC systems perform and function. Errors in judgment, poor analysis, or failure to act decisively could have a detrimental effect on the security and availability of these systems. Insecure systems could lead to system downtime or a data breach. In addition to damaging the reputation of Information Technology and UBC, a breach could also adversely impact the University community, including the large majority of students, faculty and staff, and could have a significant impact on funding and revenue.Supervision ReceivedWorks under the general direction of the Senior Manager, Solutions Security and Architecture and may receive direction from senior technical staff as assigned. The Cybersecurity Analyst II must be able to work independently as well as contribute actively and collaborate openly as a team member.Supervision GivenMay oversee day to day work on a project basis of less experienced cybersecurity or IT professionals.Preferred QualificationsUndergraduate degree in a relevant discipline.Minimum of three years experience or the equivalent combination of education and experience.- Experience supporting and securing web applications.

• Experience with application development experience.
• Experience supporting, securing, and remediating web applications is an asset.

- Experience with incident, request, and change management in a large, complex environment is an asset. - Strong knowledge of OWASP ASVS web application security standards, and ISC CSSLP domains.

• Familiarity with the following tools and technologies: Netsparker, BIG-IP, Kerberos, Shibboleth, Bluecat, DNS, LDAP, OAUTH, Kerberos, SAML, SQL, PHP, Python, Shell Scripting, Apache, Weblogic, ServiceNow, HTTP, TLS, JSON, REST, Git, WordPress, and x509 certificates.
• Knowledge of web and mobile development technologies, frameworks, and platform architecture, Internet software standards, and services.
• Thorough understanding of cybersecurity fundamentals.
• Knowledge of web and mobile development technologies, frameworks, and platform architecture, Internet software standards, and services.
• Knowledge of past and current desktop and mobile browser standards and cross platform compatibility, common plugins/helper applications and related development issues.
• Strong working knowledge of web application authentication, protocols, and data transmission methods. Knowledge of common version control tools, and standard office productivity tools.
• Proficient knowledge of UNIX command line and general usage.
• Willingness to raise security concerns regardless of ownership and potential impact.
• Ability to effectively manage multiple tasks and priorities and work under pressure to meet time sensitive and mission critical deadlines.
• Ability and desire to take initiative at all times, tempered with the ability to exercise judgement about seeking input and advice from others.
• Ability to work independently, as part of a team, and cross functionally.

- Ability to work collaboratively with staff at all organizational levels.Collaboration - Takes initiative to actively participate in team interactions. Without waiting to be asked, constructively expresses own point of view or concerns, even when it may be unpopular. Ensures that the limited time available for collaboration adds significant customer value and business results.Communication for Results - Converses with, and writes to, peers in ways that support transactional and administrative activities. Seeks and shares information and opinions. Explains the immediate context of the situation, asks questions with follow-ups, and solicits advice prior to taking action.Problem Solving - Investigates defined issues with uncertain cause. Solicits input in gathering data that help identify and differentiate the symptoms and root causes of defined problems. Suggests alternative approaches that meet the needs of the organization, the situation, and those involved. Resolves problems and escalates issues with suggestions for further investigation and options for consideration as required.Accountability - Checks assumptions about mutual expectations and clarifies standards of overall performance. Checks the scope of responsibilities of self and others. Monitors day-to-day performance and takes corrective action when needed to ensure desired performance is achieved.Business Process Knowledge - Defines routine, integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.Information Systems Knowledge - Possesses a basic understanding of the strategy, structures, processes, and procedures of the enterprise in its relationship with the business and its activities. Troubleshoots in response to requests for technical support. Identifies problems and needs. Escalates problems to appropriate technical experts.Quick Apply

• Terms & Conditions
• New Privacy
• Privacy Center
• Accessibility

For Job Seekers

• Browse Jobs
• Advanced Job Search
• Emplois Quebec

For Employers

• Post a Job
• SimplyHired OnDemand

Stay Connected