IT Security Analyst

Work Location Type: Hybrid Job Code: 509 Location: Mississauga Reports to: Director IT Operations & Governance It’s not a package. It’s a promise. As Canada’s leading integrated freight, package, and logistics provider, we’ve been helping promises get where they need to be for more than 60 years. How does the magic happen? The journey starts with you . The places we go, the elements we brave, the promises we deliver – it’s all possible because of our people. So, whether you’re looking to build new skills, make an impact in your community, or inspire your team, we go there for you. Job Description: Reporting to the Director IT Operations & Governance, the IT Security Analyst is responsible for governing all security aspects in the IT solutions in SAP applications and/or in the middleware areas, ensuring compliance to security guidelines set by Innovapost Security COE, compliance to security auditing requirements, and following industrial best practices. The security specialist is to work closely with other practice leads and the product teams to promote DevSecOps practices. The successful candidate will be driving implementation and adoption of security practices for the product lifecycle of the Business Solution Delivery (BSD) group from Architecture to Design, Test, Deployment and operations. The security architect is connected to Security COE and is responsible to produce any security assessment or audit report required by Security COE. What will you be responsible for? Understand the access model and brings security awareness to the product teams on applicable standards/policies; make recommendations for improvements to existing tools and solutions to keep up with the standards. Responsible for oversight and governance for identity and access management (IAM), including role creation and modification, user creation and assignment with Central User Administration (CUA) and assignment of Structural Authorizations. Work with business and project teams to govern SAP/middleware access requests and related issues by following the standardized processes and procedures. Assist in resolving issues related to roles & authorization, and in implementing a testing strategy for credentials management, code quality, vulnerability assessment, secrets management, and other roles & authorization related development. Provide support regarding safe code migrations (Transport) in all Cloud environments for SAP applications and/or middleware platform. Performing risk assessments, threat modeling and security architecture reviews, and prepare and maintain security related documents as and when required. What does it take for this role to be yours? 7+ years progressive experience in the IT Security field. In-depth knowledge of entitlements and access control the various protocols for tracking records such as LDAP. Strong SaaS/Application/Network security knowledge and experience. Extensive experience and knowledge in as many as possible of the following areas: Application security, SAP and non-SAP applications Middleware Management Data Security Identity and access management - AWS Cloud, Okta, OpenID, OAuth, SAML, 2FA Cloud computing, Cloud Network Services and Software-defined networking (SDN) Cyber Security and Cyber Investigation Familiarity with Web technologies and standards – HTTP/S, JSON, REST, SOAP, XML, W3C Standards, Python. Network layer technologies – FWs (Juniper, Checkpoint or similar), EDR fundamentals, VPN technologies, DNS. SCA and SAST tools – OWASP Dependency-Check, OWASP Dependency-Track, Snyk, Veracode, SonarQube or similar. Experience in Disaster Recovery. Experience in Test and Evaluation. Experience in Risk Management. Additional skills that set you apart Experience in designing and configuring SAP security solutions such as GRC Access Control, Identity Access Governance, GRC Process Control, SAP Enterprise Threat Detection and Onapsis. Ability to foresee IT risks and implications on SAP ERP programs, with the ability to identify weaknesses and recommend solutions to senior stakeholders. Expertise in threat modeling frameworks. OWASP Top 10, STRIDE, MITRE ATT&CK framework or similar. Security GRC – MetricStream or similar. Leadership skills, experience working with various stakeholders. Experience using Jira for Agile software development, and deliver methodology. Education and certification Academic: University degree in engineering, computer science, business, or equivalent (Required). Certifications: CISSP, CISA, or CISM. What We Offer Purolator is one of Canada’s best employers (#19 in 2021 according to Forbes), offering an industry leading total compensation, and a professional, satisfying work environment. Working with a modern technology stack in a team that values innovative ideas to enhance our process. A diverse and inclusive team environment that is friendly to family commitments. Options to arrange either a full-time-remote or in-office workspace with your manager. Your choice of a Mac or Windows development environment. Make a difference in the lives of hundreds of thousands of Canadians per day who use Purolator’s services. POSTING DETAILS Location: 530 - Corporate Working Conditions: Office Environment Posting Number: 63499 Reports to: Director IT Operations & Governance We are aware of a fraudulent website that appears to mimic the Purolator careers page. Official job postings from Purolator are shared on www.purolator.com/careers or https://careers.purolator.com . Please ensure any job applications are made directly on these websites. Please note, Purolator will never ask an applicant to make a financial transaction for equipment as part of its recruitment process. Purolator is an equal opportunity employer committed to diversity and inclusion. We consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, Aboriginal/Indigenous status, or any other factors considered discriminatory. If you require an accommodation during the recruitment process, we will work with you to meet your needs. At Purolator, every day is an opportunity for our employees to connect with one another and with our customers to help make a positive impact in the communities where we live, work and play. #J-18808-Ljbffr