RQ00650 - Sr. Security Specialist

1+ year contract (260 business days) - possible extension

ONSITE 5 days - 200 Front St West

NOTE - Provide after-hours support as required for security events or high-priority operational needs.

Must Haves:

• 7+ years of hands-on cyber security experience supporting security operations, incident response, threat intelligence, secure architecture, and other security assurance activities.
• Experience designing, implementing, and securing cloud environments (e.g., Azure), including cloud-native security controls and architecture best practices.
• Strong experience supporting and coordinating incident response activities, including cross-functional coordination and incident lifecycle management.
• Demonstrated experience in project delivery, including planning, coordination, stakeholder engagement, and execution of security initiatives.
• Strong business analysis skills, including requirements gathering, documentation, and translating business needs into security solutions and risk-based recommendations.

Nice-to-have:

• Bachelor's degree in Information Technology, Computer Science, Cyber security, or related discipline.
• Relevant certifications such as CISSP, CCSP, SSCP, Security+, or GIAC certifications.

Project Overview:

In response to the escalating cyber threats in today's digital landscape, Supply Ontario is maturing its strategic initiatives to expand its cyber security program. This initiative aims to strengthen the organization's security posture, safeguard sensitive data, and ensure continuity of operations in the face of evolving cyber risk.

The objective is to establish and mature a comprehensive cyber security program that supports Supply Ontario's core business functions. This includes continuous improvement of proactive and reactive security controls across Confidentiality, Integrity, and Availability (CIA). Key program areas include Cloud Security, Vulnerability Management, Cyber Risk Management, Security Operations, Incident Response, Threat Intelligence, Security Architecture, Policy Development, Compliance, and Training & Awareness.

The program will leverage industry best practices and modern security technologies to enhance resilience and ensure alignment with enterprise and public sector security expectations.

Experience required:

• 7+ years of hands-on cyber security experience supporting security operations, incident response, threat intelligence, secure architecture, and other security assurance activities.
• Experience designing, implementing, and securing cloud environments (e.g., Azure), including cloud-native security controls and architecture best practices.
• Strong experience supporting and coordinating incident response activities, including cross-functional coordination and incident lifecycle management.
• Demonstrated experience in project delivery, including planning, coordination, stakeholder engagement, and execution of security initiatives.
• Strong business analysis skills, including requirements gathering, documentation, and translating business needs into security solutions and risk-based recommendations.
• Strong knowledge of cyber risk management frameworks and conducting threat risk assessments with associated mitigation strategies.
• In-depth knowledge of industry standards and frameworks such as NIST 800-53, ISO/IEC 27001, and CIS Controls.
• Experience working with SOC audit reports (including SOC 2 Type II) and supporting audit/compliance activities.
• Strong understanding of cyber security concepts including vulnerabilities, threats, encryption, defense-in-depth, authentication, risk management, and security operations.
• Knowledge of threat modeling and adversary frameworks such as Cyber Kill Chain, MITRE ATT&CK, Diamond Model, and IOCs.
• Experience supporting vulnerability management, including scanning, prioritization, remediation tracking, and reporting.
• Experience supporting cyber security awareness and training programs across organizations.
• Strong experience managing cyber security vendors and service providers, including performance oversight and service level management.
• Strong interpersonal and communication skills with the ability to engage technical teams, business stakeholders, and senior leadership.
• Strong written and verbal communication skills with experience producing technical and business-level documentation.
• Ability to adapt to changing priorities in agile or evolving project environments.
• Experience coordinating and supporting security architecture requirements for systems and enterprise IT projects.

AI Disclaimer: Source Code may use artificial intelligence (AI) tools to assist in certain aspects of its recruiting and business operations.

Note: The higher end of the range is intended for absolutely exceptional candidates who meet all must-have requirements and most or all nice-to-have qualifications. The client will evaluate candidates based on both rate expectations and overall skill set when shortlisting.

INCORPORATED RATE RANGE (7.25 billable hours per day)

• $96.55/hr - $115.86/hr Inc.

T4 RATE RANGE (7.25 billable hours per day)

• $77.24/hr - $92.69/hr T4