Description:
Reporting to the Director, Security Program, the Senior Analyst, Security Testing is a critical position at Payments Canada that will manage and execute our Security Testing Program. The Senior Analyst, Security Testing plays an offensive security role that proactively identifies vulnerabilities and ensures the resilience of Payments Canada’s critical financial systems. Instead of just monitoring defenses, this role acts as an "ethical hacker" and simulation coordinator to pressure-test the organization's infrastructure, applications and emerging technologies before real threat actors can exploit them.
| A day in the life
Responsibilities of the Senior Analyst, Security Testing include, but are not limited to:
Security Testing
- Design and execute a layered approach to testing for the Security Operations Team, which includes tabletop exercises, scenario-based testing, and Red Team, Blue Team and Purple Team exercises to evaluate and improve detection, response and recovery capabilities.
- Engage in the development and execution of industry-wide annual exercises through the Resilience of Wholesale Payments Systems (RWPS) program to test industry response to cyber-attacks.
- Manage annual holistic Penetration Tests against Payments Canada infrastructure.
- Conduct discrete internal red team/blue team testing across all of Payments Canada’s corporate and payment system infrastructure environments in coordination with the relevant stakeholders.
Security Operations
- Validate the effectiveness of security operational controls at the individual and team levels.
- Engage with other business leaders at Payments Canada and within industry as a Security Subject Matter Expert (SME) for planned exercises external to the Security Team.
- Maintain a strong grasp of security strategy, solid security subject matter expertise, and strong interpersonal and communication skills to present recommendations in a compelling manner to all audiences, including technical staff, middle management and partners.
| What you need to be successful
- Post-secondary education, or equivalent experience in computer science, information technology or related fields.
- Minimum five (5) years’ experience in a combination of information systems and information security related roles.
- Minimum of three (3) years of experience in the following areas:
  - Experience in conducting Penetration Tests;
  - Experience in Vulnerability Testing and Vulnerability Management.
- Minimum of one (1) year of experience testing AI/ML applications or working with Adversarial AI frameworks (e.g., MITRE ATLAS).
- Ability to identify and understand cyber threats and trends and apply security knowledge to strengthen defenses including protective, detective, and compensating controls.
- Ability to employ offensive cyber techniques.
- Knowledge of exercise design and execution (with a focus on Red, Blue and Purple Team Exercises).
- Deep understanding of the OWASP Top 10 for LLMs (Large Language Models) and the MITRE ATLAS™ framework (Adversarial Threat Landscape for Artificial-Intelligence Systems).
- In-depth understanding of various testing methodologies (e.g., OWASP Web & Mobile testing methodologies, CREST).
- Eligibility to obtain and maintain a Government of Canada Reliability Clearance and successfully complete enhanced background checks that may be carried out by Payments Canada.
| You will really stand out with
- Knowledge of and experience in intelligence tradecraft and international threats impacting the financial sector.
- Possession of, or being in the process of obtaining, at least one of the following industry certifications: CPTS, OSCP, GXPN or equivalent.
- Knowledge of and experience in the Canadian Financial services or Payments industry.
- Bilingualism (English and French).