Closing Date: Open Until Filled

BCI is working with an external recruitment firm. Please do not submit your application directly to BCI. Applications submitted through this site will not be reviewed.

To explore this opportunity, please contact Boyden . Only qualified candidates who match the requirements will be contacted.

We're looking for a Security Engineer to contribute to our growing security program!Invest in your career at BCI; this exciting opportunity will provide career growth opportunities as you gain new security skills during your work.

Join a world-class team of professionals working together to ensure over half a million British Columbians have a financially secure future.

THE OPPORTUNITY

In this role, you will contribute to developing security requirements and designing and implementing security solutions. BCI's Cyber Security Team is the source of expert cyber security advice, guidance, security operations, technical services and support that defends BCI against all cyber security threats. You will collaborate closely with business partners in an Agile environment, enabling the effective and efficient delivery of secure, quality products.

The position can be based in either Vancouver or Victoria, with occasional travel between the two cities (paid for by BCI). This role is targeting a Level 2 or Level 3 candidate.

• Level 2 : Responsible for cyber security and risk analysis and operations and contributes to projects with a low-to-mid level of complexity and stakeholder engagement, typically acquired through 5+ years of experience. Works independently and has a professional level of competency within the role.

• Level 3 : Responsible for cyber security risk analysis and operations and leads projects with a mid-to-high level of complexity and stakeholder engagement, typically acquired through 8+ years of experience. Works independently, provides guidance and training to others, and has an advanced level of competency within the role.

WHAT YOU BRING

The following qualifications illustrate a standard Level 2 and may be scaled up in scope and depth of expertise or experience based on the level selected.

• Bachelor's degree in Engineering, Computer Science, or a related technology field

• A minimum of 5 years of experience in progressively senior technical roles with responsibility focused on information security processes, products, and projects

• Expert knowledge in engineering secure systems

• Experience with securing cloud environments

• Must have excellent documentation, customer service, listening, communication and problem-solving skills

• Must be able to implement programs and integrate security technologies and solutions to measure and sustain the security posture of large, complex environments

• Experience with Agile methods (Scrum) and DevOps practices

• Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Information Security Manager (CISM) or equivalent experience is essential

TECHNICAL SKILLS REQUIREMENTS

Applicants should be able to explain on their resume the technologies with which they have non-technical and technical expertise.

• Identity and access management systems for hybrid environments

• Secure coding and secure infrastructure as code

• Systems engineering

• Threat modelling

• Security project delivery

• Windows and Linux operating systems security, virtualization technology security, container security and serverless computing security, hardening systems against CIS Benchmarks

• Privileged access management systems experience for hybrid environments

• EDR and other endpoint protection technologies

• Firewall, intrusion protection and intrusion detection systems

• Conditional controls

• User and entity behaviour analytics (UEBA) systems

• SOAR and security integrations

• Zero Trust architecture, Zero Trust Network Access systems, Zero Trust application publishing

• Cloud Native Application Protection Platform (CNAPP) systems and Cloud Security Posture Management (CSPM) systems

• Secure application design principles

• Data Classification and DLP solutions

• Enterprise vulnerability management, including vulnerability assessment, remediation, and reporting

• Microsoft Azure security engineering and best practices

• Various networking technologies, including subnetting, NAC, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods

• CIS Critical Controls

• Security governance

• Incident response

• Phishing and social engineering experience

• Red or Purple Team experience

WHAT YOU GET TO DO

The following responsibilities illustrate a standard Level 2 , which may be scaled down or up in leadership, complexity, and autonomy based on the selected level.

• Helping others solve problems and perform root cause analysis

• Expert security advice: Product security reviews, secure design consultation, threat modelling, security design reviews, Privacy Impact Assessments, network design reviews, application security

• Security operations: Incident response, security investigations, security alerting, security reporting, security support

• Vulnerability management: identify, remediate, and mitigate vulnerabilities impacting BCI

• Consultation, system hardening consultation

• Writing security directives: Documenting security requirements for BCI

• Administrating security infrastructure: BCI's networks, remote access, endpoint detection and response, identity and access management, multi-factor authentication, security logging and vulnerability scanning

• Security awareness, security training, security orientations

• Integrates security systems together and designs conditional access systems

• Ability to communicate complex security issues and develop security user stories in the language that non-technical stakeholders can understand

• Ability to solve security problems in a technology project's lifecycle

• Proactively identifies problems and raises solutions

• Performs validation and tuning of security testing tools to provide accurate and actionable results that drive improvements to BCI's overall security posture

• Performs security monitoring of solutions and serves as a subject matter expert during security incident response events

• Undertakes special projects or assignments as required

• Ability to document designs as well as produce technical reports in support of security initiatives

• Performs other related duties as required

THE BCI TECHNOLOGY TEAM

BCI's Technology Department plans, provides, maintains, and supports business applications and information technology infrastructure. The Technology department is foundational to BCI - working as a strategic partner to provide technology that supports investment processes and all other business activities.

Hear from some of BCI'ers about their thoughts on being a part of the Technology team: Join our Technology team: bci.ca/careers

WHERE YOU WILL WORK

• Work from either our downtown Victoria or Vancouver office. With 4 days per week in office and one from home.

SALARY RANGE

BCI offers a competitive total rewards package which includes a performance-based incentive plan, comprehensive health & dental benefits, a defined benefit pension plan and paid time off.

The annualized base salary range for this Victoria or Vancouver-based role is CAD $115,000 to $135,000.

The base salary offered to the successful candidate will consider a wide array of factors including but not limited to the individual's skill set, level of experience applicable to the role they are being offered and consideration to internal equity.

We pay our people competitively in the markets in which we compete for talent and with consideration to internal equity and job structure. We aim for actual pay to be around the median of the market for target or expected levels of performance, and around the upper quartile of the market for excellent performance.

Actual salaries may vary and may be above or below the range based on various factors, including, but not limited to, experience and expertise.

WHY APPLY TO JOIN BCI

With our values as our anchor, it's our people that help shape employee-focused initiatives and who create the environment we work in each day – all of which further strengthens our culture. BCI has been recognized as one of Canada's Top 100 Employers – for the fifth consecutive year - and has built programs and benefits to support all our employees, including;

• Extended health and dental coverage, start on your first day of work. We have you covered!

• Our telehealth provider Dialogue connects you and your family to virtual healthcare appointments.

• Eligibility to the defined benefit BC Public Service Pension Plan providing you with a secure retirement income.

• Time off includes: 20 days vacation, 6 paid sick days, 6 paid personal days, and 2 paid days for volunteering – to support physical, mental, and community health.

• Work one day per week from home, plus an option to work from anywhere for up to one month each calendar year.

• Annual wellness allowance to support an active lifestyle as well as physical well-being when working at home.

• On-going learning through our in-house mentoring program, professional dues support, tuition reimbursement, and online and in-house learning.

• Relocation support is available if a move to one of BCI's locations is required.

• Invested in your learning: BCI investment professionals lead a monthly Investment Club to share industry knowledge with employees who work in other departments.

We are performance and client focused and value integrity; if you share these values, we want to know you.

We recognize that some skills can be learned on the job and encourage all to apply.

If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please let us know.

We would like to hear from you!

#J-18808-Ljbffr