Job Description

Position Information



Position Number
S01082


Position Title
Junior Security Analyst


Division/Portfolio
IT Services


Department/Program
IT Administration


Location
Kelowna


Other Flexible Work Options



Your Opportunity
Under the direction of the Manager, IT Security, the Junior Security Analyst is hands-on with daily IT security, networks, operations, and technical teams to ensure Okanagan College manages account access privileges, delivers secure online services, protects sensitive information, and follows security best practices. Additionally, participates in audits, penetration testing, vulnerability assessments, security monitoring, investigation activities, and assists with security advocacy and awareness throughout the organization


Functions and Duties

1. Oversees the College\xe2\x80\x99s Identity and Access Management (IAM)

• Reviews, grants or removes Active Directory (AD) accounts, groups, network access, resource access, device access, application and file share access, configures and manages Single Sign-On (SSO) integration

2. Regularly reviews and tracks security alerts, logs, and notifications

• Monitors security tools, email alerts, data feeds, logs, and notification systems such as intrusion detection systems (IDS), Web Application Firewall (WAF), Security Event Management (SIEM) systems. Investigates anomalies, reports findings and ensures responsive actions are taken to prevent/correct/mitigate

3. Participates in IT Security projects

• Performs, verifies, and assists operational teams with up-to-date device, system, OS, and software patching, security configuration, penetration testing, threat hunting, vulnerability testing and patch verification

• Assists with administrative security audits and assessments. Reports findings to management. Makes recommendations for solutions and assists operational teams to mitigate risk and improve security posture

• Assists with security threat and risk assessments for new projects and technologies. Works with development, project, and operational teams to define and implement security requirements

4. Assists in IT Security processes and makes recommendations

• Participates in incident response and support activities including detection, investigation, mitigation, reporting, and remediation of security problems, incidents, breaches, data disclosure and data privacy issues

5. Helps be a leader and champion for IT Security at the College

• Researches latest vulnerabilities, exploits, security trends and new technology to better protect systems and data. Actively evaluates the internal and external landscape for new threats to OC information security

• Participates and contributes to IT security training and awareness activities. Makes presentations and demonstrations to IT peers, Okanagan College faculty, staff and senior management.

6. Performs other duties as assigned.


Education and Experience

Graduation from a four-year university/college computer science program or equivalent, plus 1-2 years relevant experience or training in cybersecurity or identity and access management

Professional certifications or training in Cybersecurity, Penetration Testing, Networking, or Windows and Linux System Administration are an asset. (Examples: CEH, CompTIA Security+, GIAC/SANS GPEN GSEC, SSCP, CISSP, OSCP)


Skills and Abilities
Cybersecurity, system administration, networking, and Identity and Access Management abilities, including:

• Working knowledge of information security principles, standards, best practices, and industry trends. Familiar with common attack vectors, tools, and mitigation strategies. Able to deploy and use security tools and techniques in daily operations
• Familiarity with Active Directory (AD), Azure AD, Single Sign On (SSO), SAML, OAuth, CAS, and MFA technologies
• System and OS Administration on Windows and Linux servers. Comfortable with system configuration and patching, command line tools, shell/batch scripting (Linux Bash/shell, Windows PowerShell, Python, etc.)
• Exceptional analytical, troubleshooting, and problem-solving skills. Ability to investigate and assess security, network, and software-related issues, analyze data such as logs or packet captures from various sources, identify anomalies, investigate security incidents, system access, functionality, or other troubleshooting
• Ability to participate in security audits, investigations, network and application penetration testing, vulnerability assessments, incident response/management, and general security assessments/testing. Can produce written reports to communicate findings and make recommendations to technical teams and management
• Ability to apply, promote, and advocate for security best practices, standards and data privacy
• Working understanding of web application communication and network protocols, including DNS, TCP/IP, UDP, HTTP/S, SSL/TLS, IP addressing, ports, web sockets, basic firewall and switch configuration
• Exceptionally motivated learning ability. Researches latest security products, trends, malware, exploits, attack vectors and stays up to date with emerging technologies and tools. Actively seeks continuous improvement and professional development
• Strong written, oral, and interpersonal communication skills. Must be able to participate in meetings and group discussions, work effectively with interdisciplinary teams, create formal and informal documentation, and exercise courtesy, professionalism, tact, discretion, and confidentiality with sensitive situations or information
• Highly self-motivated and directed; Ability to work with limited supervision; Ability to work both independently and in a team-oriented, collaborative environment
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Leads by example, creates positive team culture, demonstrates technical and service excellence

Preferred Qualifications



Desired Start Date
05/08/2023


Position End Date (if temporary)



Schedule
Monday to Friday from 8:00 AM \xe2\x80\x93 4:00 PM


Annual Salary/Hourly Rate
$53,953 - $61,693


Appointment Type
Support - Regular Full-time


Special Instructions to Applicants
Shortlisted internal candidates must notify the current Support Staff Bargaining Chairperson and Human Resources if they want a Union Observer during interviews and final selection of candidates.


Employee Group
Support