Our government client has a requirement for specialist professional services
in the field of IT Security Vulnerability Analysis to assist their Information Protection.
The enterprise information security program addresses these challenges through a range of
programs and services, some of which require enhancement to further fulfill organizational needs.
The IT Security Vulnerability Analysis Specialist will assist in the ongoing enhancement of the
Vulnerability Management Program tailored for its unique operational environments.
SCOPE
The IT Security Vulnerability Analysis Specialist will provide insight and assistance to staff and be
responsible for successful completion of the requirements listed below:
- Work with stakeholders to facilitate the adoption of patching best practices throughout the enterprise with a primary focus on Enterprise Technologies and Solutions (ETS) and DXC Technology patch management authorities;
- Carry out vulnerability scans, reporting findings to management and working with stakeholders to resolve critical issues;
- Train staff on enterprise Vulnerability Analysis capability;
- Assist with any vulnerability management activity that arises resulting from networks integration activities;
- Produce briefing notes and risk assessments concerning vulnerability posture;
- Assist with, and where necessary provide technical leadership for, corporate response activities to major, urgent vulnerabilities requiring immediate and comprehensive action;
- Management and coordination of the work and provision of quality control oversight on all deliverables;
- Providing weekly progress / status reports, the exact format / template will be provided by the technical authority;
- Preparing a record of discussions / decisions resulting from any formal meetings that are held related to this work;
- Immediately notifying in writing following format the TA of any issue / problem that may impede, delay or negatively impact completion of authorized work;
- Maintaining an electronic library of work in progress, delivered items and reviewed comments, and version control thereof in GCDOCS;
- Consulting with the TA, throughout the duration of this contract and provide briefing notes, and presentations to management as required by the TA;
- Providing written advice, guidance and recommendations on Information Security (IS) / IT Security issues as required by the TA, the exact format / template will be provided by the technical authority;
- Participating in working groups and forums as required (within the NCR);
- Providing coordination of input to change management board; and
- Managing and coordinating quality control oversight on all deliverables.
DELIVERABLES
The Contractor must produce the following deliverables in support of the tasks described in section
above. Deliverables must be submitted to the TA for review and comment one week prior to the
completion dates, with any follow-on revisions carried out within two business days of receiving
feedback from the TA.
All deliverables shall be submitted to the TA, in one (1) electronic copy in MS Office format, Atlassian
collaboration tools (including using Confluence and Jira) and reporting capabilities of the provided
systems. All deliverables must be securely stored.
Where suitable in support of the services required:
- Process documentation (for example Concept of Operation (CONOPs), other material required in support of accreditation).
- Documented testing methods and analysis tools that will be used to train or share information with staff.
- Briefing notes and risk assessments concerning vulnerability posture using standard office productivity software from the desktop environment (e.g. PowerPoint presentations and Word documents).
- Weekly status reports on efforts, deliverables, issues, and risks.
- Report and track project-related activities, status, and progress.
- Record of Decisions (RoD) affecting the outcome of the project are made to include cost, scope, and timelines. RoD after each meeting and / or telephone discussion where appropriate.
- Top Secret Security Clearance (or ability to obtain one)
- (2) years’ experience within the last five (5) years providing in-depth analysis of vulnerabilities and impacts to key stakeholders of Government of Canada.
- Experience in identification and evaluation of complex business and technology risks, establishment of internal controls which mitigate risks, and related opportunities for internal control improvement.
- Experience with (2) of the following in an On-Site enterprise environment domains:
- NMAP;
- Tenable Network Security;
- Qualys;
- Burp Suite; and
- Rapid7