Duration: 12 months + extensions + Permanent
Location: Ottawa 4x/week
Rate: 55-75/hr
Required Skills & Experience
- 5+ years of experience in test architecture specifically within cybersecurity and security products
- Experience designing and implementing security testing strategies and frameworks
- Experience creating and managing security test cases, test plans, and validation activities
- Ability to define and document security test architecture
- Experience translating security requirements into testable controls and validation criteria
- Strong understanding of enterprise application, infrastructure, cloud, and integration architectures
- Experience performing threat modeling (STRIDE, MITRE ATT&CK, or similar methodologies)
Nice to Have Skills & Experience
- Experience performing threat modeling (STRIDE, MITRE ATT&CK, or similar methodologies)
Job Description
We are seeking an experienced Cybersecurity Test Lead/Architect to lead the end-to-end design and implementation of enterprise-wide security testing strategies. This role will bridge Solution Architecture, Cybersecurity, Quality Assurance, and Compliance teams to ensure security requirements are effectively translated into test architectures, test cases, and validation frameworks.
The successful candidate will be responsible for defining security testing methodologies, supporting SOC compliance initiatives, developing security test coverage models, and ensuring that security controls are validated across applications, infrastructure, cloud environments, and system integrations.
Cybersecurity testing strategies should cover areas including:
- IAM & MFA: IAM, Identity and Access Management, MFA, Multi-Factor Authentication, RBAC, ABAC, SSO, Single Sign-On, OAuth, OpenID Connect, Active Directory, Azure AD, Okta, Ping Identity, Privileged Access Management (PAM), Authentication, Authorization
- Encryption & Data Protection: Encryption, Data Protection, Cryptography, TLS, SSL, PKI, Key Management, Certificate Management, Secrets Management, Tokenization, Data Masking, AES, RSA, HSM, Secure Data Storage
- Vulnerability Management
- API Security: API Security, REST API, SOAP, OAuth2, JWT, OpenID Connect, API Gateway, Postman, Burp Suite, API Testing, Authentication Tokens, Rate Limiting, Secure Integration
- Logging & Monitoring
- Security Configuration & Hardening
- Threat Modeling & Risk Assessment: Threat Modeling, STRIDE, MITRE ATT&CK, Risk Assessment, Risk Analysis, Security Architecture, Threat Analysis, Attack Surface Management, Security Controls, Risk Mitigation
- Compliance Control Testing (SOC 2): SOC 2, Compliance Testing, Controls Testing, Security Controls, Audit Support, ISO 27001, NIST, Governance Risk and Compliance (GRC), Audit Evidence, Control Validation
- Security Architecture Validation: Security Architecture, Solution Architecture, Security Design, Enterprise Security, Architecture Reviews, Secure Design, Security Frameworks, Security Requirements, Design Reviews, Cybersecurity Architecture