Senior Information Security Specialist (03-2258)
Atlantic Lottery (AL) is a leader in Atlantic Canada's gaming and entertainment industry. Today they are more committed than ever to accelerating their transformation to become a next-generation digital gaming experience company. To ensure sustainable growth and continued prosperity for the Atlantic Provinces, they are laser-focused on broadening and diversifying their player base to remain relevant and competitive, enabled through a focus on modern player-centric experiences across existing and new products and platforms.
We're on a mission to ensure that all our players have fun, dream big and play responsibly, one player experience at a time, and we're looking for team members who share that same passion. Our culture is built on a shared commitment to do what's right for our customers, our people, and our communities.
Atlantic Lottery is seeking a Senior Information Security Specialist. Location is flexible within Atlantic Canada with occasional travel to Moncton, NB.
As our Senior Information Security Specialist, you are accountable for designing and developing AL's vulnerability management program, which manages vulnerabilities in AL's infrastructure, applications and networks. The program will provide continuous vulnerability assessment and penetration testing of AL applications, computer systems and networks. You will lead the Vulnerability Assessment Review Board (VARB), which reports on AL's risk posture to Executive and ensures that identified vulnerabilities are addressed to maintain AL's security posture.
- Perform hands-on security testing of applications, networks and infrastructure.
- Identify and group systems into logical testing groups with assigned levels of risk and recommended testing schedules.
- Develop and maintain a system to actively monitor AL systems for vulnerabilities, review and report on findings.
- Conduct full-scope vulnerability assessment and penetration testing.
- Interface with our vendors, internal IT department and executives, to conduct threat-informed risk assessments, full-scope penetration tests including physical, network, RF and social engineering elements and provide reports.
- Lead and conduct penetration testing and vulnerability assessments of systems/networks while actively defeating various security technologies.
- Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
- Develop scope and requirements for the engagement of 3rd party assessment vendors for both vulnerability assessment and penetration testing as part of an overall structured program.
- Develop and lead the VARB with regular meetings including vendors to review current vulnerabilities and develop action plans.
- Provide professional penetration testing, vulnerability services and advice.
- Manage vendor/IT accountabilities for identified vulnerability remediation.
- Define and lead outsourced contractors for contracted assessments and the deliverables.
What we can expect from you:
- You have extensive technical computer/network knowledge and understanding of computer hardware, software, networks, communications and connectivity
- You are proficient with using scan/attack/assess tools and techniques, including proficiency in at least one of the following frameworks: Metasploit, Core Impact, Immunity Canvas
- You are proficient at conducting full-scope assessments and penetration tests including social engineering, server and client-side attacks, protocol subversion, physical access restrictions, web application exploitation
- You are proficient at configuring, running, validating and contextualizing the findings of vulnerability discovery tools such as Nessus, Burp Suite, Web Inspect, SAINT, NeXpose, Retina, Nipper.
- You have an understanding of and experience with either executing or defending against complex, targeted cyber threats to high-value systems and data
- Strong listening, communication, and collaboration skills.
- Ability to understand complex infrastructure designs.
- Excellent research ability and up-to-date knowledge of security trends and attacks.
- Networking - Can read complex logical and physical networking diagrams
- Infrastructure - Understands infrastructure diagrams and components like SAN, Physical Servers and virtual servers.
- Applications - Understands application design, middleware and types of coding used to create the applications.
- Ability to explain technology risks introduced by application vulnerabilities, including XSS, CSRF and injection attacks, to a system's Business Owner.
- Ability to quickly adapt to changing priorities and demands.
- Excellent knowledge of information security processes, response procedures, and various attack methods used for information theft or network intrusion.
- Knows how to use penetration testing/vulnerability assessment methodologies and can build the program based on this knowledge, which is attained from the SANS GIAC Certified Penetration Testing certification.
- Ability to understand vendor contracts and the accompanying Service Level Agreements related to patching and vulnerability remediation.
- Ability to manage multiple stakeholders internally and externally to achieve results for the program.
- Understanding of potential issues (political, influence) internally and within vendor organizations in order to provide solutions.
You should apply if you have the following:
- 7+ yrs. of experience in a security position including vulnerability assessments and penetration testing.
- A university degree in Computer Information Systems, Computer Science or equivalent experience.
- Experienced and proficient at exploiting vulnerabilities in computer systems, networks and applications.
- Possess a GPEN and/or GWAPT certification.
- Experience with the NIST Risk Management Framework
- Experience with OSSTMM 3, NIST SP800-15, Penetration Testing Framework
Awesome if you had:
- Industry information security certifications would be considered an asset (e.g. CISSP, CISM, CompTIA Security+, CEH, GSEC).
Benefits for this role:
- Extended health coverage that includes medical, dental, and vision.
- Basic life insurance, disability, and wellness programs.
- Defined Benefit Pension Plan.
- Four weeks of vacation annually (pro-rated) plus one week of management leave (pro-rated).
- Three personal leave days per year.
- Two volunteer days per year.
- Short-term incentive program based on personal and corporate performance.
- Career advancement opportunities.
Recruitment Process: COVID-19 has accelerated change across our workplace, including our hiring practices! As a result, throughout your application process, you may be asked to connect with us virtually, and may not be required to meet in-person. All interviews are conducted in English, our working language, unless otherwise stated.
Health and Safety: AL is committed to ensuring the health, safety, and wellbeing of our employees. Therefore, AL will require employees for whom the COVID-19 vaccine is authorized by Health Canada to be fully vaccinated against COVID-19 and to submit either proof of COVID-19 vaccination or receive a valid exemption by Jan. 14, 2022.
Internal Employees: Internal Employees interested in this opportunity must be in "good standing," which entails meeting expectations on their previous performance review. Performance Improvement plans, disciplinary action memos, attendance, training and other performance related memos will be taken into consideration as well, when determining the applicant's "good standing" status.
Work With Us
We are proud, gritty, community-minded, and punch above our weight. Being Atlantic Canadian means that we work hard and we know how to have fun. It also means that we genuinely care for each other as co-workers, neighbours, and friends.
Now that you can work from anywhere, your best life is waiting in Atlantic Canada. At Atlantic Lottery, you can choose to live and work in any of our four Atlantic provinces.
What you can expect from us:
Our Mission is to offer great gaming experiences for the benefit of all Atlantic Canadians. Everyone at Atlantic Lottery embraces our Core Values of Integrity & Social Responsibility. #ProudtobeAL
Our Operating Principles help guide us:
- Customers lead our priorities;
- Always think differently;
- Be fast and nimble;
- We are all leaders; and
- Team matters.
We are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodations), please let us know and we will work with you to meet your needs.
We provide a comprehensive Total Rewards Program including bonuses and flexible benefits/pension and competitive compensation with plenty of training.
What Is Next?
- Love what you see so far? Simply press "Apply Now".
- Not the right fit this time? Follow us on our careers page at www.alc.ca!
We thank all applicants for their interest; however, only those selected for an interview will be contacted. Please note that the successful candidate will be subject to reference and criminal background checks prior to employment.
Please note - Must be 19 years of age or older to apply.