19 Oct
David Joseph
Ottawa
The Communications Security Establishment (CSE) has a requirement for specialist professional services
in the field of IT Security Vulnerability Analysis to assist the CSE Information Protection Section.
The cyber threat environment is a constantly evolving landscape with ever-mounting challenges.
The CSE enterprise information security program addresses these challenges through a range of
programs and services, some of which require enhancement to further fulfill organizational needs.
The IT Security Vulnerability Analysis Specialist will assist in the ongoing enhancement of the CSE
Vulnerability Management Program tailored for its unique operational environments.
SCOPE
The IT Security Vulnerability Analysis Specialist will provide insight and assistance to CSE staff and be
responsible for successful completion of the requirements listed below:
- Work with CSE stakeholders to facilitate the adoption of patching best practices throughout the
enterprise with a primary focus on Enterprise Technologies and Solutions (ETS) and DXC
Technology patch management authorities;
- Carry out vulnerability scans, reporting findings to management and working with stakeholders
to resolve critical issues;
- Train CSE staff on enterprise Vulnerability Analysis capability;
- Assist with any vulnerability management activity that arises resulting from CSE networks
integration activities;
- Produce briefing notes and risk assessments concerning CSE’s vulnerability posture;
- Assist with, and where necessary provide technical leadership for, corporate response activities
to major, urgent vulnerabilities requiring immediate and comprehensive action;
- Management and coordination of the work and provision of quality control oversight on all
deliverables;
- Providing weekly progress/status reports (the exact format/template will be provided by the CSE
technical authority);
- Preparing a record of discussions/decisions resulting from any formal meetings that are held
related to this work;
- Immediately notifying the TA in writing, following CSE format, of any issue/problem that may
impede, delay or negatively impact completion of authorized work;
- Maintaining an electronic library of work in progress, delivered items and reviewed comments,
and version control thereof in GCDOCS;
- Consulting with the TA throughout the duration of this contract and providing briefing notes and
presentations to management as required by the TA;
- Providing written advice, guidance and recommendations on Information Security (IS)/IT
Security issues as required by the TA (the exact format/template will be provided by the CSE
technical authority);
- Participating in working groups and forums as required (within the NCR);
- Providing coordination of input to change management board; and
- Managing and coordinating quality control oversight on all deliverables.
DELIVERABLES
The Contractor must produce the following deliverables in support of the tasks described in section
above. Deliverables must be submitted to the TA for review and comment one week prior to the
completion dates, with any follow-on revisions carried out within two business days of receiving
feedback from the TA.
All deliverables shall be submitted to the TA in one (1) electronic copy, using MS Office format, Atlassian
collaboration tools (including Confluence and Jira) and the reporting capabilities of the CSE-provided
systems. All deliverables must be securely stored.
Where suitable in support of the services required:
- Process documentation (for example Concept of Operation (CONOPs), other material required in
support of accreditation).
- Documented testing methods and analysis tools that will be used to train or share information
with CSE staff.
- Briefing notes and risk assessments concerning CSE’s vulnerability posture using standard office
productivity software from the CSE classified desktop environment (e.g. PowerPoint
presentations and Word documents).
- Weekly status reports on efforts, deliverables, issues, and risks.
- Report and track project-related activities, status, and progress.
- Record of Decisions (RoD) for decisions affecting the outcome of the project, including cost, scope,
and timelines, with an RoD produced after each meeting and/or telephone discussion where appropriate.
QUALIFICATIONS
- Top Secret Security Clearance
- Two (2) years’ experience within the last five (5) years providing in-depth analysis of vulnerabilities and impacts to key stakeholders of the Government of Canada.
- Experience in identification and evaluation of complex business and technology risks, establishment of internal controls which mitigate risks,
and related opportunities for internal control improvement.
- Experience with two (2) of the following in an on-site enterprise environment:
  - NMAP;
  - Tenable Network Security;
  - Qualys;
  - Burp Suite; and
  - Rapid7
▶️ IT Security VA Specialist