- Candidate must be a Certified Information Systems Security Professional (CISSP) or a Certified Ethical Hacker.
- Candidate must be able to work onsite at a Government of Saskatchewan office in Regina, Saskatchewan.
- Local Knowledge
GOS is interested in understanding the Resource’s experience with GOS, or comparable entities, as it relates to the technical and business landscape. Describe in detail.
This requirement is heavily weighted.
- Candidate should demonstrate achievements in Application and Information Security outlining that experience in the private and/or public sectors.
Experience should clearly indicate success identifying, measuring, and mitigating risks related to application development and implementation of websites and applications.
This requirement is heavily weighted.
- Demonstrated working experience with web protocols such as, though not limited to, HTTP, HTTPS, and SOAP.
- Demonstrated working experience with web technologies such as, though not limited to, HTML, JavaScript, XML, AJAX, JSON, and REST.
- Demonstrate a strong working knowledge of cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard and security testing tools.
- Demonstrated experience utilizing vulnerability scanning and analysis as part of a Risk Management Program.
- Demonstrated working experience in infrastructure risk identification, reporting, and mitigation.
- Demonstrated working experience in static and dynamic application security testing using automated tools and manual techniques.
- Demonstrated knowledge of evaluating Secure SDLC and DevSecOps programs to establish how to embed security activities within.
- Demonstrated knowledge of cloud security and cloud-based application architecture and different deployment models.
- Demonstrated working knowledge of network infrastructure, routing, DNS, and web filtering.
- Demonstrated experience with application development/coding security practices.
- Demonstrate a strong familiarity and working experience with the ISO 27002:2013, or equivalent, code of practice for information security controls.
- Demonstrated achievement of an undergraduate degree in Computer Science or equivalent combination of experience and education is considered an asset.