> CAREERS

Career Opportunities


Cygnos I.T. Security is recognized leader in the field of information technology security and training. We are focused, committed and motivated, to turn our expertise and experience into high value, trusted business solutions. Our shared respect, integrity and enthusiasm are central to our success both as a company and as individuals.

As part of the Cygnos team you'll work with an organization producing the highest quality solutions through the strengths, capabilities and initiative of our resources.

At Cygnos we're always looking for highly motivated resources who demonstrate initiative and maturity in the performance of their responsibilities and in their day-to-day business interactions. Cygnos is interested in meeting positive, productive people to contribute to the growth of their respective teams and the company as a whole.

Interested in joining a dynamic team? Send us your resume in confidence to the attention of Cygnos Human Resources at hr@cygnos.com.

Cygnos is regularly looking for qualified candidates in the following categories.

1. Intermediate Vulnerability and Web Application Assessment Security Analyst
2. Application Security Analyst 3. Business Continuity Planning (BRP - BCP) Engineer
4. Human Resources (HR) Security 5. Forensics Specialist
6. Information Technology Security (ITS)  Penetration Testing and Vulnerability Specialist 7. Information Technology Security (ITS) Policy Analyst
8. Information Technology Security (ITS) Project Manager 9. Intrusion Detection System (IDS) Architect
10. Physical Security Specialist 11. PKI Specialist
12. Security Analyst / Architect 13. Security Product / R&D Specialist
14. Security Trainer / Security Instructors 15. Intermediate Risk Analyst
     
  Intermediate Vulnerability and Web Application Assessment Security Analyst  
 

The successful candidate will provide consulting services to a wide range of public and private sector clients, with a focus on performing vulnerability assessments, and assessing the security of web applications.   Engagements will include:  Network level vulnerability assessments, enterprise-wide security audits, eCommerce application security assessments, architecture, and engineering.   Effective writing skills are fundamental to this position

 

Qualifications

      3-5 years of progressive work experience in performing IT Security work, including technical vulnerability assessments

      Experience in conducting web application security assessments on both MS Windows and UNIX platforms

      Solid background in eCommerce technologies, and web application development

      Solid experience in security technologies including firewalls, IDS systems, Security Event Management systems

      Solid experience in network architecture design, implementation and maintenance, in particular as pertaining to security requirements

      Ability to advise and make security recommendations based on sound principles and proven methodologies

      Ideally, Information Systems Security certification such as CISSP,CISA or CISM a definite asset.

      A good understanding of security standards, protocols and technologies available for the UNIX, Windows 2000/2003 and web-based environments

      Familiarity with GoC organizations, policies, and standards

      Highly organized, analytical, detail and action oriented.

      Strong planning, facilitation, communication, negotiation and interpersonal skills.

      Ideally, a University Degree/Diploma in Computer Science, or Engineering.

       Ideally Secret Security Level II clearance.

Qualified candidates will be required to submit samples of work demonstrating past experience, writing and presentation skills.

 
  Applications Security Analyst:  
  The ability to read and understand different code languages such as Java, C++, Visual Basic etc.   An understanding of Web servers and backend databases such as Oracle, MS SQL and Sybase is also required.  The Application Security Analyst is able to define coding rules that fit with other Security Policies in an organization as well as include generic coding rules not always followed by programmers.  They review existing code for vulnerabilities such as buffer overflows, backdoors, overall security structure and user rights at both the application, database and server levels.  The Analyst has the added responsibility of detailing and documenting findings in an audit like manner so that problem areas that have been revealed also show how they should be fixed.  Best practices in coding etc. that are found within an organization are also documented and encouraged to be incorporated in standards as status quo.  
     
  Business Continuity Planning (BRP - BCP) Engineer:  
  Capable of advising clients on planning for recovery from accidental business outages due to serious failure of services at the IT Infrastructure level is the overall responsibility of the BRP-BCP Engineer.  Understanding of multiple backup software's, methodologies, development life cycle, testing and daily procedures are all part of the responsibility set.  The BRP engineer will facilitate in the creation of disaster recovery plans and must take into account overall organizational policies in order to give order to the recovery process and ensure key facilities are accessible within defined time frames.  The planning of offsite facilities is also many times included in the overall process.  
     
  Human Resources (HR) Security:  
  HR security involves people.  Although many large organizations have independent security done on their employee’s (e.g. Enhanced Security, Secret Security in Government), an understanding of what this means to an organization is sometimes lacking.  HR Security personnel are not only able to review individuals to see if they meet certain organizational requirements from a security angle but they must also be able to enter an organization and document what level of security is required by certain areas or personnel within the organization.  HR Security people look at applications and more importantly the data the applications use.  They can then document the level of security required based on data content and overall organizational policies.  
     
  Forensics Specialist:  
  The forensic specialist will assist organizations in investigating computer crime and other suspicious computer activity. Our forensic specialists are technologically competent and trained on handling computer evidence and communicating their findings in an efficient and effective manner.  Forensics includes items such as:
  • The recovery of information from digit resources including RAM, hard drives, tapes

  • Investigation and analysis of system, security and application logs

  • understanding of cutting edge hacker methodologies, exploits and tools;

 

 

  • Evidence handling and chain of custody procedures;

  • Interviewing personnel and review organizational procedures and policies to see if all items have been adhered to

  • Excellent writing and communication skills and ability to present findings in a report, which maybe used in the court of law;

 

 
     
  Information Technology Security (ITS) Penetration Testing and Vulnerability Specialists:  
  A Vulnerability Assessment Specialist identifies security weaknesses and strengths of the client's systems and networks as they appear to outsiders as well as internal users operating within the client's security perimeter.  The goal is to demonstrate the existence or absence of known vulnerabilities that could be exploited by authorized internal users, or external hackers alike.  
     
  Information Technology Security (ITS) Policy Analyst:  
  The Policy analyst must have the ability to read and interpret existing policy as well as create or recommend new or changes to policy.  The analyst must understand the impact of policy on both the business and technology sides of an organization.  Many times policy can create a domino effect where one small change can ripple and topple other existing standards.  Therefore policy must be somehow tested to ensure its application works and that its potential side effects, if any, are understood and accounted for.  Aspects that should be considered in Policy are Service Level Agreement’s (SLA’s), ROI and BRP-BCP.  Policy should also reflect Threat and Risk.  
     
  Information Technology Security (ITS) Project Manger:  
 

The ITS PM needs to have a sound understanding of Security in general.  They must understand the complexities of security and its effects on work performance and loads.  Although a detailed knowledge of all security areas would be beneficial, the ITS PM is more of a generalist and has the ability to organize these functional areas and people into a single cohesive system.  Creating workshops, attending meetings and other common PM duties are also part of the ITS PM’s responsibilities.

 
     
  Intrusion Detection System (IDS) Architect:  
  An Intrusion Detection System Architect is capable of advising and designing Intrusion Detection System capability within the framework of clients’ security policies.   An understanding of multiple IDS systems, their functionality and how they each would fit into an organizations existing security infrastructure are always required.  Both Network and Host systems are used and therefore an understanding of the significance of both, their interoperation and their operation/impact on the entire system must be understood.  The number of alerts created by IDS can be huge.  The ability to set baselines, filters and cross references on alerts, between systems, to reduce their number is paramount  
     
  Physical Security Specialist:  
  Physical security reviews the house that systems reside in.  Whether biometrics are required for access, wires in ceilings, code locks on doors etc are needed and where such security hardware is placed.  Redundancy in systems is also of importance as well as breakdowns of intrusion scenarios so that ‘next steps’ and ‘preventative steps’ are documented and understood.  
     
  PKI Specialist:  
  An understanding of PKI at a highly detailed level is required.  The use of keys, types of keys, methodologies and configuration of systems using PKI must be understood.  Software, such as Entrust, must be in the specialist repertoire of tools and how it is used and impacts applications, mail etc must not only be clearly understood but the specialist must be able to make others aware of the use of PKI, its implications and overall administration and maintenance.  Trust relationships are key to PKI and the specialist must also be able to create matrixes of requirements that can and will aide in the adoption of partners.  
     
  Security Analyst / Architect:  
  The Security analyst/architect is not unlike the ITS PM.  The difference is that the organizational ability is at a technology detail level.  The knowledge of all security areas is required coupled with the ability to map security policy requirements down to technological security solutions.  The inter-relationships between security areas are also required.  The analyst/architect is like a puzzle master.  They must be able to understand all facets of each security domain and piece them together so they fit seamlessly and work together as a single cohesive system.  
     
  Security Product / R&D Specialist:  
  A security product analyst performs in-depth analysis of emerging security products and protocols. The objective being to assist clients in choosing and deploying the product that is best suited to their security and is capable of integrating with it.  
     
  Security Trainer / Security Instructors:  
  Security trainers/instructor may not only be required to teach technical security aspects from IDS to PKI but must also be able to interpret the benefits of these systems and their necessities to the general workforce of an organization.  This ability in the instructor will benefit the organization since the ‘message’ of security can be delivered to all within an organization.  This further benefits the organization since awareness is a key element in an overall security posture.  
     
  Intermediate Risk Analyst  
 

Position Overview

The successful candidate will provide consulting services to a wide range of public and private sector clients, with a focus on IT Security and Risk Management.   As a risk analyst, engagements will include:  Threat/Risk Assessments, Privacy Impact Assessments, Compliance Audits, Policy Development, Governance Reviews, and Training.

 

 

Qualifications

 

      3-5 years of progressive work experience in audit and IT Security risk management

      Extensive knowledge of information security standards such as ISO 17799 and information system audit frameworks such as COBIT.

      Extensive knowledge of Government of Canada standards including MITS, GSP, MG and ITSG series standards on Certification & Accreditation, Risk Assessments, Privacy Assessments, and Security Controls.

      Experience in conducting Threat/Risk Assessments according to the RCMP or CSE Methodologies

      Experience in conducting Privacy Impact Assessments according to the Treasury Board Secretariat guidelines

      Experience in conducting gap analyses against GSP, MITS, and other standards and policies

      Familiarity with GoC organizations

      A good understanding of security standards, protocols and technologies available for the UNIX, Windows 2000/2003 and web-based environments

      Experience in developing and testing contingency and business resumption plans.

      Highly organized, analytical, detail and action oriented.

      Strong planning, facilitation, communication, negotiation and interpersonal skills.

      Ideally, Information Systems Security certification such as CISSP,CISA or CISM a definite asset.

      Ideally, a University Degree/Diploma in Computer Science, Business or Engineering.

       Ideally Secret Security clearance.

 

Seminars




Why Invest in Security?

Click above to download our brochure in Adobe Acrobat PDF format

Security Leadership Seminar

BHI & Cygnos IT Security

Contact us | Privacy Statement | Site map
This site is best viewed in 1024x768 resolution