Senior Security Operations Consultant

Edmonton, AB - Calgary, AB, Canada

Job Description



We live and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of networks and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.

The TELUS Health CSO team is committed to providing excellence in securing our internal and customers' data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry-leading cyber governance, assurance and oversight to secure our data.

We partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.

Here's the impact you'll make and what we'll accomplish together

As a Cyber Security Consultant, you'll be keeping TELUS Health safe and protected by establishing, operating and maintaining security controls and processes, conducting security investigations and incident response. You'll be part of a global team operating across multiple time zones supporting our clients across all TELUS Health services, solutions, and SaaS products.

What you'll do

The role of the security analyst can span all areas of security operations, and interface with security architecture, offensive security, cloud platforms and DevSecOps. The analyst is not expected to perform all of the below, but to have a broad understanding and expertise to operate across a number of the noted areas of security.

  • Security operation - Vulnerability Management
  • Gather and document service and product information from application and system owners to assist in threat risk analysis
  • Implement, administer, and support web application and infrastructure vulnerability scanning tools working with vendors as required
  • Work directly with application and system owners to perform web application and infrastructure vulnerability scans, including performing pre-scan risk assessments to determine suitability for same
  • Implement and support host-based web-specific security solutions to secure web hosting environments
  • Security assessments through code reviews, automation and security architecture audits
  • Manage and implement various types of scanning (SAST, DAST, SCA, IAST, RASP) in TELUS Health CI/CD pipelines and ensure results are appropriately surfaced working collaboratively with developers
  • Security operation - Threat management
  • Monitor and research external threat intelligence and vulnerability feeds to identify new risks directly applicable to applications and application platforms in use by TELUS Health
  • Notify designated product managers of new or suspected critical or high risk vulnerabilities in enterprise systems
  • Report on vulnerabilities found in web applications and infrastructure for system owners and administrators, providing recommendations for mitigation. Work with the support teams to prioritize remediation to align with security SLAs
  • Security operation - Threat prevention
  • Manage and configure web application firewalls working with product development teams to define protection rules to mitigate identified vulnerabilities
  • Manage the policy and playbooks interfacing with managed security prevention services spanning EDR, NDR, and MDR
  • Manage the policy and implementation for threat prevention tooling spanning at least 3 of the following: endpoint security, network security, identity and access, application security and data security
  • Configure and manage Advanced Threat Protection modules within the TELUS Health Unified Threat Management security devices
  • Security monitoring and Incident Response
  • Work with offensive testing leads and managed security service providers to perform threat hunting activities
  • Monitor security events within SIEM, driving the investigation, escalation and triage of incidents
  • Act as a security incident response responder in support of cyber incidents
  • CSO Security engineering
  • Manage, develop, maintain, and keep secure the Cybersecurity internal communications web platform
  • Define and implement SIEM and SOAR requirements including onboarding log sources, development of manual and automated alerting and playbooks
  • Define and implement tools and processes to drive enhanced threat management, vulnerability management, threat prevention, security monitoring and incident response
  • Contribute to the creation and maintenance of security training
  • Product Security engineering - in partnership with architecture, cloud security and DevSecOps
  • Consult with users to determine their cybersecurity needs, analyze and review existing security solutions features and requirements
  • Implement security control automation and checkpoints to detect and prevent security issues early in cycle
  • Design tooling and frameworks to make adoption of security best practices easier for developers when working in our code bases
  • Product Security design - in partnership with security architecture and offensive security
  • Work with engineering and product teams in the design phase of products and features, conducting threat modeling and security architecture, design
What you bring
  • Mandatory requirement to obtain Government of Canada secret level clearance
  • An insatiable appetite for new and emerging security technologies
  • A natural detective-like curiosity about all things cybersecurity and security technology
  • Leading security certifications such as CISSP, CISM, CEH, GCIH/ECIH, etc.
  • Demonstrate an in-depth knowledge of a broad range of hardware and software products and SDLC concepts & tools such as DevSecOps, Ansible, Jenkins, GitHub, etc.
  • Proven experience in the application security domain with secure OWASP development practices, automating application security testing tools and secure DevSecOps practices
  • Experience with SIEM tools such as Splunk and QRadar and SOAR tools
  • Experience managing alerts from EDR/MDR endpoint protection
  • Knowledge of penetration testing techniques and procedures with industry standard toolsets
  • Experience in the creation and update of incident response, playbooks, runbooks
  • Experience managing Data Loss Prevention technologies
  • Experience with Cloud based security tools (CSPM, CWPP)
  • Basic understanding of CI/CD pipelines
  • Ability to multi-task and manage competing priorities using sound judgment
  • Enjoy team collaboration and information sharing
Nice to haves
  • College diploma or university degree in Computer Science or related field
  • Experience working on a fast-paced security team supporting product/engineering functions, cloud infrastructure, and corporate infrastructure development
  • Hands-on threat modeling and security risk assessment experience is a plus
  • Bilingual: English and French an asset
A bit about us

We're a people-focused, customer-first, purpose-driven team who works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world.

You'll find our engaging, high-performance culture personally fulfilling, professionally challenging, and financially rewarding. We're committed to diversity and equitable access to employment opportunities based on ability. Your unique contributions and talents will be valued and respected here. When you join our team, you're helping us make the future friendly.

The health and safety of our team, customers and communities is paramount to TELUS. Accordingly, we require anyone joining our team to be fully vaccinated for COVID-19.

Technology Solutions

We're into seeing where technology can take us, so if you have ever imagined what the future of supply chain management, cybersecurity, the cloud and Internet of Things will look like, we want you to be part of the team that makes it happen.

We are honoured to be recognized

  • 5G: TELUS's fastest network. 5G enables a superior experience with fast downloads and richer multimedia applications.
  • 6 innovation centres across Canada that bring our team members together with customers, partners, start-ups, universities, hospitals and fellow colleagues to tackle some of the biggest technological hurdles Canada will face in the near future.
  • 1 million active users logging into My TELUS per month (consumer mobility).

Accessibility

TELUS is proud to foster an inclusive culture that embraces diversity. We are committed to fair employment practices and all qualified applicants will receive consideration for employment.

We offer accommodation for applicants with disabilities, as required, during the recruitment process.



Job Detail

  • Job Id
    JD2172419
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Edmonton, AB - Calgary, AB, Canada
  • Education
    Not mentioned