Security Assessor

Ottawa, Canada

ADGA Group Consultants Inc

Brilliant Minds. Critical Challenges. Proven Solutions. Solving complex problems for our clients across the Canadian defence, public, and commercial sectors.

Job Description

ADGA is looking to hire a Senior Security Assessor to work with our client, who is leading an initiative to improve its business agility and performance by adopting cloud and on-premises DevOps agile software development and by providing developers with state-of-the-art tools and suitable environments at the Protected B confidentiality, Medium integrity and Medium availability (PBMM) security level. The initiative will not only provide employees with a modern and flexible workplace environment, but will also increase cloud collaboration with other Government of Canada (GoC) departments at the Protected “B” Medium Integrity Medium Availability (PBMM) security level.

The Senior Security Assessor’s role is to assess the collected evidence provided in the SRTM, to determine whether the evidence is met, not met, or partially met, and to prepare and present the assessment report to the IT Security – Risk Management Unit.

The Senior Security Assessor will be mainly involved in Security Assessment and Authorization (SA&A) at the PBMM security level for several cloud and on-premises system and service implementations, including but not limited to:

  1. Site to Site VPN and/or Express Route between on-premises network and MS Azure Cloud
  2. Point to Site VPN between mobile devices and MS Azure Cloud
  3. Desktop as a Service – MS Azure Virtual Desktop (AVD)
  4. Cloud and on-premises end-to-end DevOps tools including but not limited to: MS Azure DevOps, JFrog, GitLab, Jenkins
  5. Automated and Secure Data Transfer Pipeline between MS Azure Cloud and on-premises environments (ASDTP)
  6. Secure Data Pump
  7. Atlassian products Jira and Confluence
  8. Containers and Kubernetes
  9. Mobile devices: laptops and Android devices
  10. On-premises workstation
  11. MS Sentinel
  12. MS Defender – for Cloud and DevOps
  13. MS Intune
  14. MS Office 365

In addition to the main task listed above, the Senior Security Assessor will be expected to:

  1. Perform other SA&A Activities such as: Security Categorisation, Concepts of Operations, Security Reviews, Threat and Risk Assessments and/or Authorisation letters.
  2. Create and review IT Security policy, procedures, and guidelines.
  3. Provide IT Security expertise to the IT Security group and various project teams for any deliverables involving security concepts.
  4. Prepare and submit various deliverables as detailed below. These deliverables, tasks and/or activities, as well as their schedule, content, and format, will be identified and further detailed in Task Authorizations.
  5. Collaborate closely with the Technical Authority, and/or other branch members, and/or project team members and/or partners to perform the required deliverables of the contract.
  6. Work on one or more deliverables under the direction of the Technical Authority.
  7. Work as part of teams in a collaborative, respectful, and productive environment.

Qualifications

The Senior Security Assessor must meet the following requirements:

  • A minimum of 7 years of experience in Information Security and/or Information Technology Security.
  • Must hold one or more Information Systems Security Professional certifications including Cloud Certifications (e.g., Microsoft Certified Azure Security Engineer Associate, Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Automation (GCSA), CISSP, CISA, GIAC).
  • Must have an Undergraduate University Degree (IT related such as Computer Engineering, Computer Science, and Information Systems) from a recognized educational institute.
  • Extensive practical knowledge of each of the following GoC IT Security Publications:

    • Policy on Government Security;
    • ITSG-33: IT Security Risk Management: A Lifecycle Approach;
    • TBS “Government of Canada Cloud Security Risk Management Approach and Procedures”;
    • TBS “Government of Canada Considerations for the Use of Cryptography in Commercial Cloud Services”;
    • CSE “Guidance on cloud security assessment and authorization”;
    • CCCS “Guidance on the security categorization of cloud-based services”.
       
  • Extensive experience with the following:
    • Security policy and standards development;
    • IT Security requirements development (functional and technical requirements);
    • IT Security processes, including IT security audit and oversight for compliance with policies and technical requirements.
    • Security Categorisation;
    • IT Threat / Risk Assessments;
    • Concepts of Operations;
    • System Certifications & Accreditations and/or System Assessments & Authorizations.
       
  • Extensive experience with a combination of the following:
    • Ground to cloud connectivity (Site to Site VPN and/or Express Route)
    • Point to Site VPN
    • Desktop as a Service – MS Azure Virtual Desktop (AVD)
    • DevOps tools including but not limited to: MS Azure DevOps, JFrog, GitLab, Jenkins
    • Cross domain technologies (from unclassified/protected systems to classified systems)
    • Atlassian products Jira and Confluence
    • Containers and Kubernetes
    • Mobile device configuration (laptops and Android devices)
    • Windows 10 and 11 devices
    • MS Sentinel
    • MS Defender – for Cloud and DevOps
    • MS Intune
    • MS Office 365 (Teams, SharePoint, OneDrive)
    • MS Exchange Online
    • MS Azure Active Directory (AAD)

  • 5 years of experience in Information Technology and/or Information Technology Security in a Top Secret security environment.

Additional Information

Work-Life Balance  

We strongly support a healthy and productive work-life balance. This starts with a flexible approach to work, and policies designed to support employees through their day-to-day routines and major life events. For example, we offer a Maternity/Parental Top-Up (up to 52 weeks) and a Reservist Leave Top-Up (up to 180 days). 

Belong@ADGA  

ADGA continuously strives to integrate advanced Diversity, Equity & Inclusion (DEI) approaches and practices into our work culture. Our employee-based DEI Committee explores activities and invites discussions that foster an environment where all employees feel valued, respected, and heard.

Compensation  

Above and beyond our commitment to offer a competitive base salary, ADGA has a company-wide profit-sharing plan for all full-time and part-time employees.

Comprehensive Benefits and Total Rewards  

We offer a comprehensive benefit program, providing employees with the choice between base or enhanced plans. Depending on the plan, ADGA pays for Health & Dental, a Health Spending Account, Short-Term Disability, an Employee Assistance Program, and a Telemedicine service. Also offered: discounts on gym memberships, 5,000+ perks through Perkopolis, a Deferred Profit Sharing Plan, and access to a wide range of other employee-centric services and savings programs.


Tags: Active Directory Agile Automation Azure CCSK CISA CISSP Cloud Compliance Computer Science Confluence Cryptography DevOps GIAC GitLab Jenkins Jira Kubernetes Risk assessment Risk management Security assessment Sentinel SharePoint SRTM Top Secret VPN Windows

Perks/benefits: Career development Competitive pay Equity / stock options Fitness / gym Flex hours Flexible spending account Health care Parental leave Team events

Region: North America
Country: Canada
