|As the third largest City in British Columbia, Burnaby covers an area of 98.6 km2 and is also the geographical centre of Metro Vancouver. With this size also comes a great responsibility to the citizens and City staff to continue to make Burnaby the best place to live, learn, work and play.
Reporting to the Deputy Director – IT Infrastructure, the Senior Infrastructure Security Analyst is the senior technical role responsible for implementing, deploying, leading, developing, and supporting IT security solutions at the City. The incumbent also supervises the work of a small group of infrastructure security staff and directs the work of project staff; is responsible for securing City systems, information, and related infrastructure, including the configuration and deployment of security software and hardware and troubleshooting related systems; evaluates, acquires, and implements security-specific and business technology; acts as project leader for matters related to infrastructure hardening, certification, and accreditation of IT systems; creates and maintains project-related documents; oversees the functional and operational configuration and administrative tasks related to the hardening of IT infrastructure systems, desktops, operating systems, servers, network equipment, security equipment, and other City systems; serves as the infrastructure security subject matter expert; develops, recommends, and implements changes to security policies and practices; works to advance cooperation across organizations and between cyber security operational partners; aids the integration of partner cyber teams by providing guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions; performs related work as required.
The role requires the ability to: architect and implement complex technical solutions; plan, assign and supervise the work of a small group of subordinates; act as project lead, engage and communicate with a variety of audiences, both technical and non-technical; explain complex concepts, systems and technical topics to others who may have minimal technical knowledge using oral, written and visual presentations; establish and maintain effective working relationships with a variety of internal and external contacts; monitor the security of the City’s computer networks, to investigate and resolve problems and to implement remedial actions; apply cybersecurity and privacy principles to organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation); conduct vulnerability scans and recognize vulnerabilities in security systems; assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, PCI, etc.)
Qualifications include a degree in Computer Science and five years of related experience in information security including experience with hardening systems and performing audits, security, vulnerability, penetration tests, assessments, and evaluations; or an equivalent combination of education, training, and experience. This role requires thorough knowledge of infrastructure security concepts, practices, and techniques. The role also requires strong analytical, organizational, and time management skills. Experience with PCI DSS is an asset. Technical experience with firewalls, intrusion prevention and detection systems, SEIM systems, network segmentation is preferred; as is completion of CISSP and/or CCSP certification.