E

Information Technology Security Analyst

Equifax Canada Co.
Full-time
On-site
Toronto, Canada

Synopsis of the role

As our IT Security Analyst, this role requires a motivated self-starter. Someone who has strong analytical and problem-solving skills, a deep understanding of risk and compliance management principles, excellent communication and report-writing abilities, and knowledge of industry-specific regulations, standards, and frameworks. You are passionate about security and believe in due diligence. Responsibilities include but are not limited to.

What you’ll do

  • Proactively identify and address system, network, and data to prevent cyber-attacks.

  • Developing and executing formal web application and API security testing plan. Involved in test planning, preparation and communication with the development team prior to security test execution. 

  • Assess and validate security controls, while suggesting compensating controls to address vulnerabilities and control gaps.

  • Collaborate with stakeholders to remediate application and infrastructure vulnerabilities.

  • Conduct vulnerability penetration tests and security controls risk assessments.

  • Facilitate information gathering and reporting for Internal and External Audit functions.

  • Providing recommendations to the Technology Information Security Officer on the risks posture that are related to the Equifax Canada environment.

  • Partnering with Technology on security engagements by opening front door requests and collecting evidence for projects.

  • Support evidence collection for various security compliance frameworks, including NIST, PCI-DSS, ISO 27001, and SOC assessments.

What experience you need

  • Minimum 4+ years in security and 2+ years of experience with the Risk assessment, application security and cloud security.

  • 3+ years experience in penetration testing and ethical hacking, including web applications, API testing and cloud environments.

  • Proficiency in web application security tool and frameworks including but not limited to BurpSuite, OWASP top 10 and secure coding practices across development languages.

  • Good understanding of technical security controls, secure coding standards and Hands-on experience with cloud such as GCP and AWS.

  • Strong understanding of PKI, encryption standards, Microservices architectures, Kubernetes security.

  • Experience with ServiceNow, Jira, and/or other reporting platform tools including creating workflows, dashboard creation, and optimization.

  • Pays attention to team needs and pivots his/ her approaches accordingly to support the delivery of business value.

  • Expert in ability to communicate to advanced Technical teams as well as brief management on technical risks and issues

  • Exposure to audits like PCI, SOC, ISO 27001 and familiarity with common security frameworks NIST, COBIT, ITIL, ISO

  • Proactive, detail oriented and able to work independently and efficiently

What could set you apart


  • Passionate about Cybersecurity.

  • Demonstrate passion continuous learning

  • Bilingual ( french language is an asset)

  • Previous experience working in cyber security and risk management at a large company

  • Hold relevant industry certifications in OSCP,OSCE or CEH.

Primary Location:

CAN-Toronto-5700 Yonge

CAN-Montreal

Function:

Function - Security Governance and Compliance

Schedule:

Full time