IT Security Analyst

About BVD Group

BVD Group is a leading Canadian family business, established in 1999, specializing in fuel services. Originating from a single gas station in Ontario, it has grown to become Canada's largest fuel network, serving thousands daily across North America. The company offers comprehensive fleet card programs, loyalty options, and credit solutions, supporting businesses of all sizes with over 850 partnering locations. Additionally, BVD Group empowers the supply chain through its BVD Capital division, ensuring timely delivery of North American goods. Their commitment to customer support and business growth makes them a top choice for truck drivers, road trippers, and commuters. Join BVD Group at their Brampton location for rewarding opportunities and be a part of their growing success!

Job Description

We are looking for an IT Security Analyst responsible for overall vulnerability management, application hardening, and complete security analysis of project phases. The IT Security Analyst is also responsible for ensuring that the final deliverable of a software development project meets all the intended security and hardening needs of the business. The IT Security Analyst will need to be able to understand the SDLC and Agile models and what their specific activities are to manage an application development project from an ethical hacking and security perspective. The IT Security Analyst will deliver a solid set of security requirements and documented artifacts to understand the project standards. The IT Security Analyst will develop and implement solid security test plans and ethical hacking test cases/scenarios to accurately test all aspects of the system and to maintain detailed and accurate documentation per all project standards. The successful candidate will have the opportunity to work on multiple IT projects based on their performance.

Job Requirements

- Develop, manage, and lead various security projects to include development and management of security project plans

- Ensure all projects align with global security standards including ISO/IEC 27001, NIST CSF, and CIS Benchmarks

- Interpret and analyze data from multiple security tools and sources, including IDS alerts, firewall logs, web/application logs, and network traffic, to detect Indicators of Compromise (IoCs) and malicious Tactics, Techniques, and Procedures (TTPs)

- Review security alerts for relevancy and urgency, provide tuning recommendations, identify and respond to sophisticated threats, and conduct risk assessments

- Perform requirements gathering and analysis utilizing OWASP ASVS (Application Security Verification Standard) to ensure secure-by-design principles are established before development begins

- Effectively manage security project efforts, to include project plan, scope, time management (activities & task planning), QA, and security testing/penetration testing.

- Develop and implement security test plans/scenarios to ensure successful and secure delivery of a project

- Lend support to various business and technology teams as necessary during project delivery, specifically regarding O365, Azure, AWS, and security tools

- Communicate effectively in both verbal and written form, with an emphasis on clear and concise risk-based reporting

- Accurately determine, assign, track, and manage project task, activity, documentation, and time information per internal standards

- Accurately assess the risks associated with each solution design/project, focusing on software and application hardening

- Effectively manage multiple priorities in a high-pressure environment

- Act as project manager on business-facing security initiatives

- Conduct post-project security evaluation and verification of remediation

Qualifications

- 4-7 years of experience in cyber incident response within an Incident Response or Security Operations Center (SOC) team

- 3-5 years of experience working as an Ethical Hacker, performing penetration testing and vulnerability research

- Minimum of 5 years of relevant IT experience or an equivalent combination of experience plus at least 3 years performing Security Engineering or Planning Operations

- Working knowledge of the SDLC, Agile, and Waterfall models/methodologies

- Strong understanding of security principles, practices, tools, and techniques used by cybersecurity teams

- Familiarity with offensive and defensive technologies (e.g., SIEM, EDR, firewalls, IDS/IPS, BURP Suite, Nessus, NMAP) and knowledge of programming languages and operating systems (e.g., Python, Kali Linux)

- Skilled in interpreting and analyzing data from multiple sources to detect Indicators of Compromise and malicious TTPs

- Ability to review alerts for relevancy, identify sophisticated threats, and conduct risk assessments with strong analytical skills

- Strong security and systems analysis, test planning, testing, and troubleshooting skills across numerous environments

- Ability to apply common security analysis techniques including threat modeling (STRIDE/PASTA) and attack surface mapping

- Experience in data gathering and facilitation techniques, such as JAD sessions

- Familiarity with regulatory requirements and industry standards (e.g., GDPR, ISO 27001)

- Demonstrated leadership and attention to detail skills at both strategic and tactical levels

- Advanced knowledge and experience with Microsoft Windows and Office 365 security features

- Required/Preferred Certifications: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), CISSP, SANS, or CompTIA Security+

- Knowledge of the Occupational Health and Safety Act, its regulations, and the hazards associated with the work

Education Qualifications

- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; or an equivalent combination of education and work experience

Work Schedule

- 8-hour shift (40-44 Hours/week)

Location

- This is not a work from home or hybrid position and is on-site at our Brampton Office

Job Types: Full-time, Permanent

Pay: $75,000.00-$85,000.00 per year

Benefits:

- Dental care

- Extended health care

- Paid time off

- Vision care

Work Location: In person