22 Oct
S.i. Systèmes
Ottawa
Our public sector client needs a Secret-cleared Security Specialist to evaluate system security and create plans to address risks identified in the Security Assessment and Authorization (SA&A) document.
We are seeking a skilled Security Assessment and Authorization (SA&A) Practitioner to join our team. The ideal candidate will have experience in collecting and assessing security evidence for public cloud platforms, ensuring compliance with Government of Canada (GoC) security processes (ITSG-33), and improving cloud security posture.
Key Responsibilities:
- Gather and assess evidence for security assessments and authorizations of public cloud platforms such as Azure, Microsoft 365, PowerPlatform, and Azure DevOps.
- Evaluate collected evidence against security best practices for tools like Sentinel, Microsoft Defender for Cloud, and Microsoft Defender for Endpoint.
- Develop recommendations to enhance the client’s cloud security posture and ensure compliance with ITSG-33 and GoC Cloud Guardrail controls.
- Develop a detailed Work Breakdown Structure (WBS) for the Security Sub-Project, consisting of over 300 activities, to integrate into the overarching MSFT Cloud Migration Project Schedule.
- Develop and maintain a Plan of Action & Milestones (PoAM), Risk Register, and Authority to Operate (AtO)
Qualifications:
- Proven experience in security assessment and authorization processes, specifically with public cloud platforms.
- Deep understanding of ITSG-33 and GoC Cloud Guardrail controls.
- Strong analytical skills and attention to detail.
- Excellent documentation and project management skills.
- Familiarity with security tools such as Sentinel, Microsoft Defender for Cloud, and Microsoft Defender for Endpoint.
Certifications:
- Certified Cloud Security Professional (CCSP)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Microsoft Certified: Azure Cybersecurity Architect (SC-100)
- Microsoft Certified: Cybersecurity Architect Expert
Apply