Analyste en cybersécurité - Cybersecurity Analyst

at  Iceberg Finance Group

QUI SOMMES-NOUS?

Iceberg Finance est une entreprise FinTech très bien positionnée dans le domaine du financement automobile et des prêts personnels à la grandeur du Canada. Sa mission est d’aider une vaste clientèle à obtenir du financement. Proposant des solutions adaptées, Iceberg Finance est reconnue pour ses services de qualité et son professionnalisme.

POSITION OVERVIEW

The Cybersecurity Analyst will play a pivotal role in Iceberg Finance’s cybersecurity strategy. Acting as both an operational and development-focused security expert, the analyst will ensure the company’s systems, applications, and networks remain secure while guiding the team in adopting security best practices. This role offers a unique opportunity to work across various cybersecurity domains and collaborate closely with IT Infrastructure and Development.

MUST-HAVE SKILLS:

• Languages: Bilingual in English and French (spoken and written).
• Experience: 7+ years of experience in cybersecurity or a related field.
• Technical Knowledge:
• Proficiency in security monitoring tools (e.g., SIEM platforms, vulnerability scanners).
• Experience with application security tools (e.g., SAST/DAST, code review tools).
• Knowledge of network security concepts (e.g., firewalls, VPNs, intrusion detection systems).
• Familiarity with cloud security principles and tools for Azure.
• Programming/Scripting: Experience using scripting languages to automate security tasks (PowerShell, Bash or Python)
• Frameworks: Understanding of common security frameworks and standards (e.g., ISO 27001, NIST, OWASP).

SOFT SKILLS:

• Strong problem-solving abilities with a proactive mindset.
• Excellent communication skills to translate technical issues into business terms.
• Ability to work independently and as part of a collaborative team.
• Strong organizational skills to manage multiple tasks and prioritize effectively.

EDUCATION AND CERTIFICATIONS:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• Relevant certifications are an asset (e.g., CompTIA Security+, CEH, CISSP, CISM, or similar).

OPERATIONAL SECURITY RESPONSIBILITIES:

• Monitor and respond to security events.
• Conduct vulnerability scans, analyze results, and coordinate remediation efforts.
• Investigate and respond to cybersecurity incidents, including root cause analysis and mitigation.
• Work with Infrastructure team to implement best practices for: endpoint security, firewalls, and other network security tools.
• Stay updated on emerging threats, malware trends, and vulnerabilities, and recommend mitigation strategies.

DEVELOPMENT SECURITY RESPONSIBILITIES:

• Collaborate with developers to ensure secure coding practices and adherence to best practices.
• Conduct security reviews of application code, architecture, and APIs during the development lifecycle.
• Implement and maintain security tools in pipelines, ensuring vulnerabilities are caught early.
• Guide the implementation of encryption, authentication, and secure data storage mechanisms.
• Ensure cloud environments and services (Azure) are configured securely and monitored effectively.

PENETRATION TESTING RESPONSIBILITIES:

• Conduct in-house penetration testing to identify vulnerabilities in applications, networks, and systems.
• Simulate real-world attack scenarios to assess and strengthen the organization’s security posture.
• Prepare reports of findings and work with relevant teams to address identified weaknesses.