Job Description

Company Description

ADGA provides strategic vision, world-class technology and service excellence in the areas of defence, security and enterprise computing to clients in the federal government, other levels of government and the private sector. In a world dominated by convergence, ADGA provides the expertise and innovation that organizations need to stay safe, efficient and productive. This is based on an exceptional balance sheet built since 1967, protecting some of Canada\'s most critical assets. Headquartered in Ottawa, with offices across Canada, ADGA is a privately owned Canadian company employing more than 800 employees, technical consultants and subject matter experts.



ADGA is hiring a Senior Cybersecurity Engineer to assist the System of Training & Operational Readiness Modernization (STORM) project with the development and evaluations of proposed high-level business architectures and business solutions.

The Senior Cybersecurity Engineer will perform tasks in support of the Directorate Project Delivery \xe2\x80\x93 Command and Control (DPDCC), on an as and when requested basis, which may include, but are not limited to performing the following tasks: * Review, analyze, and/or apply Federal, Provincial or Territorial IT Security policies, System IT Security Certification & Accreditation processes, IT Security products, safeguards and best practices, and IT Security risk mitigation strategies as they apply to the STORM project;

• Identify threats to, and vulnerabilities of the proposed network and security architecture which includes both wired and wireless architecture, and encompass UNCLASS, CLASS and Top Secret domains;
• Identify personnel, technical, physical, and procedural threats to and vulnerabilities of Federal, Provincial or Territorial IM/IT applications and systems;
• Develop reports such as: Data security analysis, Concepts of Security, Statements of Sensitivity (SoS), Threat assessments, Privacy Impact Assessments (PIAs), Non-technical Vulnerability Assessments, Risk assessments, IT Security threat, vulnerability and/or risk briefings;
• Conduct Certification activities such as: Develop Security Certification Plans; verifying that security safeguards meet the applicable policies and standards; validating the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents; verify that security safeguards have been implemented correctly and that assurance requirements have been met (this includes confirming that the system has been properly configured, and establishing that safeguards meet applicable standards); conduct Security Testing and Evaluation (ST&E) to determine if the technical safeguards are functioning correctly; and assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk;
• Conduct Accreditation activities such as: review of certification results in the design review documentation by the Accreditation Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with departmental and system security policies and standards and identify conditions under which a system is to operate (for approval purposes). This may include the following types of approvals:

• Developmental approval by both the Operational and the Accreditation Authorities to proceed to the next stage in an IT system\'s life cycle development if sensitive information is to be handled by the system during development;
• Operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards; or
• Interim approval - a temporary written approval to process sensitive information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development; and
• Develop and deliver training material relevant to IT Security TRA and SA&A process;
• Review and provide comments related to IT Security TRA and SA&A; and
• Perform other related services as required by the Technical Authority.

Qualifications

• Must have one of the following:

• An Engineering or Science degree from a recognized Canadian University;
• A non-Canadian Engineering or Science degree that must be accredited by one of the following institutions:

• Canadian Information Centre for International Credentials (CICIC);
• World Education Services (WES); or
• University of Toronto Comparative Education Services.
• A diploma or certificate, minimum 2 years from a recognized college in an Information Management/Information Technology (IM/IT) field;
• A recognized security certification such as one of the following:

• CISM \xe2\x80\x93Certified Information Security Manager;
• CRISC \xe2\x80\x93 Certified in Risk and Information Systems Control;
• CISSP \xe2\x80\x93 Certified Information Systems Security Professional.
• Must demonstrate a minimum of 10 years of experience within the last 20 years as an Information Technology Security Engineer.
• Must demonstrate a minimum 5 years of experience within the last 10 years providing IT Security TRA and C&A services.

Must demonstrate a minimum 5 years of experience within the last 10 years applying Secure IT architecture fundamentals, standards, communications and security protocols for Data-at-Rest (DaR) and Data-in-Transit (DiT) of sensitive information such as IPSec, IPv6, SSL, and SSH, and analyzing IT Security Tools and techniques.

Must demonstrate a minimum 5 years of experience within the last 10 years of developing and recommending organization security strategy, a set of security standards and best practices, and recommending security enhancements to management for protected data.

Must demonstrate experience within the last 2 years with emerging technologies in cybersecurity and security features available on the market.

Additional Information

ADGA commits to putting diversity into action to build a stronger, more representative team and help our customers and communities thrive. We are a proudly Canadian company, striving to further diversity, equity, and inclusion in the workplace and provide every individual with the opportunities and resources to help them reach their full potential.

Since being acquired by Commissionaires Ottawa, ADGA has adopted the social mandate of Commissionaires to create meaningful employment opportunities and generate financial resources for veterans of the CAF, RCMP, their families, and fellow citizens who share a passion to contribute to the security and well-being of Canadians.

ADGA s\'engage \xc3\xa0 mettre la diversit\xc3\xa9 en action pour b\xc3\xa2tir une \xc3\xa9quipe plus forte et plus repr\xc3\xa9sentative et aider nos clients et nos communaut\xc3\xa9s \xc3\xa0 prosp\xc3\xa9rer. Nous sommes une entreprise fi\xc3\xa8rement canadienne. Nous nous engageons pour promouvoir la diversit\xc3\xa9, l\'\xc3\xa9quit\xc3\xa9 et l\'inclusion dans le milieu de travail et d\'offrir \xc3\xa0 chaque personne les possibilit\xc3\xa9s et les ressources qui lui permettront de r\xc3\xa9aliser son plein potentiel.

Depuis son acquisition par Les Commissionnaires Ottawa, ADGA a adopt\xc3\xa9 le mandat social de Les Commissionnaires qui consiste \xc3\xa0 cr\xc3\xa9er des possibilit\xc3\xa9s d\'emploi significatives et \xc3\xa0 g\xc3\xa9n\xc3\xa9rer des ressources financi\xc3\xa8res pour les anciens combattants des FAC, de la GRC, leurs familles et leurs concitoyens qui partagent la passion de contribuer \xc3\xa0 la s\xc3\xa9curit\xc3\xa9 et au bien-\xc3\xaatre des Canadiens.

ADGA