Security Analyst

at  Saskatchewan Blue Cross

Saskatchewan Blue Cross®, one of Saskatchewan’s Top Employers, is currently recruiting for a full-time permanent Security Analyst to join our team in the Cybersecurity department. This position offers the flexibility to be in-office or participate in hybrid options in our Saskatoon or Regina office.

JOB FUNCTION

If you are passionate about security, eager to learn, and thrive in a fast and team-based environment, then we’re looking for you! Reporting directly to the Manager, Cybersecurity, the successful candidate will be accountable to perform the day-to-day security operations such as daily threat research, network monitoring, incident response, threat hunting, threat intelligence and execution of security solutions, and identify and drive remediation of security vulnerabilities detected by scanning tools or by threat intelligence research. This position is responsible for the involvement in the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures as well as participating in vulnerability and risk assessments tasks.

WHY CHOOSE SASKATCHEWAN BLUE CROSS?

We’re driven by a mission to empower communities on their journey to whole health and wellness, and have a lot of exciting things ahead of us. We’re improving our members’ experiences through investment in our people, technology, services and products. When you join our team, you’re joining an organization where employees are valued, recognized for their contributions and empowered to make us stronger. The wellbeing of our employees, our members, our partners and our communities is at the heart of our operations.

Our industry is evolving fast, and so are we! We’re looking for people who:

• Share our values
• Believe that creating great experiences is totally within their control
• Collaborate and always set others up for success
• Build positive relationships and an understanding of what people’s needs are
• See solutions and possibilities (not problems!)
• Are simply outstanding at what they do

QUALIFICATIONS & SKILLS

• Completion of a Post Secondary Diploma or Certificate in Computer Science or a related field, supplemented by a minimum of 3 years directly related work experience. An equivalent combination of training and experience will be considered
• Completion of Security+ is required
• Ability to maintain and troubleshoot enterprise infrastructure and services including routers, switches, server operating systems, access control systems, next-generation firewall, wireless, virtualization, cloud services, DNS, DHCP, NTP, SMTP, Syslog, SNMP and Internet Protocol (IP).
• Working knowledge of Multifactor Authentication, Encryption, Hashing, Single-Sign On, Federated identity, and data protection is required
• Ability to implement Security standards and frameworks including NIST CSF, ISO 27001 and CIS Controls
• Experience utilizing TCP/IP, PKI (certificates, encryption and hashing algorithms) and other network administration and security protocols
• Advanced ability with configuration of network and security appliances and tools (firewall, IPS, Windows servers, email filters, endpoint security tools)
• Ability to apply security standards and controls on-premise and in the cloud (IaaS, SaaS, PaaS)
• Proven analytical and problem-solving abilities
• Good written, oral, and interpersonal communication skills
• Ability to travel as required to meet operational needs and occasionally work outside of core operating hours
• Legally entitled to work in Canada on an unrestricted basis
• Criminal Record and background check satisfactory to Saskatchewan Blue Cross

• Participate in network monitoring, respond to security alerts and perform investigations to identify security incidents
• Maintain Security tools and solutions for incident management, endpoints, network monitoring, cloud service and email systems
• Support account management lifecycle, access control management and audit log management
• Support data protection, data recovery and application security
• Partake in the vulnerability management process. Respond promptly to zero-day vulnerabilities to implement recommended remedial controls from the impacted vendors and threat intelligence publications
• Support security awareness and skill training. Sending out monthly phishing campaign, planning quarterly training and annual security proficiency and culture assessments
• Participate in project and vendor threat and risk assessment
• Support server and network appliance hardening including patching and configuration changes to ensure the mitigation of emerging threats
• Participate in the design and execution of vulnerability assessments, penetration tests, and security audits
• Provide after-hours network monitoring and support urgent requests from end users regarding all in-place security solutions and practices as required
• Participate in the planning and design of enterprise security architecture, an enterprise business continuity plan, a disaster recovery plan, and the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures), under the direction of the Manager, Cybersecurity where appropriate.
• Maintain baselines for the secure configuration and operation of all security tools, workstations, servers, cloud solutions, mobile devices, and network devices
• Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with best security practices and in alignment with corporate policies
• Other related tasks and duties as assigned