Information Security Engineer

Company: Finning International Inc. Number of Openings: 1 Worker Type: Permanent Position Overview: Directly reporting to the Senior Information Security Lead, the Information Security Engineer is responsible for ensuring Finning Projects adhere to security best practices and guidelines, action ad hoc security requests from the business, assisting with security architecture, continued development of security requirements & standards, and working with other pillars to drive Finning’s overall security mandate.

The ideal candidate for this position must possess a broad and in-depth understanding of technical and professional skills in many Security related disciplines, including: Security Architecture, Security Operations, Identity and Access Management, Cloud transformation & architecture, Change Management, Agile development, Dev Ops, Data Governance, and Project Management.

What we can offer you:

• Great people and place to work with a hybrid work opportunity
• Career advancement and training opportunities
• Pension and employee stock purchase plans with company contributions
• Extensive health benefits including group medical and dental benefits, and short-term and long-term disability benefits
• For this position, the expected salary range is between $100,000 and $120,000 annually. This range reflects our commitment to providing competitive compensation that aligns with industry standards and your qualifications. Please note that the actual salary offer will be based on a candidate’s experience, qualifications, and fit for the role.

We are dedicated to fostering an inclusive and equitable work environment, and this salary range is designed to support that commitment.

Job Description:

Responsibilities:

• Manage Email Security Solutions: Oversee and maintain email security tools such as Microsoft Defender for Office 365 and Abnormal Security.

• Implement and Maintain Security Measures: Set up and manage email filtering, anti-phishing, and anti-spam measures to protect against email-based threats based on new use cases developed in collaboration with SOC leadership.

• Policy Development: Develop and enforce email security policies and best practices to ensure the organization’s email communications are secure.

• Monitoring and Reporting: Continuously monitor email traffic for suspicious activity and generate reports on email security metrics and incidents.

• Collaboration: Work closely with other security and IT teams to integrate email security measures with broader security strategies.

• Auditing and Penetration Testing: Co-ordinate periodic penetration testing, red team and purple team exercises as a means to validate efficacy of the internal and external detect and respond teams.

• Cyber Security Incident Response Plan: Co-ordinate and periodically review the CSIRP, working closely with the Service Management office to ensure all stakeholders are prepared and cyber incident response procedures are executed effectively.

• Incident Response Escalation: Collaborate on investigating security incidents when required, performing forensic analysis and root cause determination.

• Data Enrichment: Identify opportunities to ensure incidents and detections are populated with contextual information required to make effective decisions during the incident response process.

Specific Skills:

• Experience with Security technologies such as: Firewalls, Web Application Firewalls, Antivirus/Antimalware, Cloud Security, SIEM (Logging/Monitoring), IPS/IDS, Email filtering, Role Based Access Controls (RBAC), Single Sign On (SSO)/Active Directory, and Wireless
• Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines
• Experience in securely migrating solutions to cloud based infrastructures
• Performs security risk, vulnerability assessments, and business impact analysis information systems
• Identifies, evaluates and recommends options, implementing if required
• Identifies new and emerging hardware and software technologies and products based on own area of expertise, assesses their relevance and potential value to the organization

Knowledge:

• Knowledge of a broad range of standards and frameworks — for example, Project Management Framework, International Standards Organization (ISO), IT Infrastructure Library (ITIL), Payment Card Industry - Data Security Standard (PCI DSS), Bill-198, Personal Information Protection and Electronics Documents Act (PIPEDA), General Data Protection Regulation (GDPR)
• Thorough understanding of hosted and cloud infrastructure (SaaS, PaaS, IaaS)
• Familiar with the basic principles of organizational change management, and understanding of how to apply these principles
• Understanding of DevOps, development lifecycle, and Agile methodologies
• Aware of Disaster Recovery (DR) & Business Continuity Planning (BCP) concepts and requirements

Qualifications:

• Educational Background: Bachelor's degree in Information Security, Computer Science, or a related field.

• Experience: At least 3 years of experience in email security and related technologies.

• Technical Skills:

  • In-depth knowledge of email protocols (SMTP, IMAP, POP3) and security standards.

  • Experience with email threat analysis and incident response.

  • Familiarity with email encryption and authentication technologies (e.g., DKIM, DMARC, SPF).

• Certifications: Relevant certifications such as CISM, CompTIA Security+, or CISSP are highly desirable.

Key Tools and Technologies:

• Email Security Platforms: Microsoft Defender for Office 365, Abnormal Security.

• Security Tools: Anti-phishing tools, email encryption solutions, spam filters.

• Scripting Languages: Python, PowerShell for automation and analysis.

Soft Skills:

• Ability to effectively communicate security concepts to technical and non-technical audiences
• Excellent communication skills to effectively train and inform employees about email security.
• Ability to manage multiple tasks and work under pressure.
• High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
• Exercises tact, courtesy and professionalism in ensuring effective team work and fostering productive relationships
• Excellent analytical, technical, planning, organizational and problem-solving skills.
• Experience delivering projects in a fast paced & changing environment
• Ability to travel periodically
• Spanish is an asset but non mandatory

At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and/or mental or physical disabilities. Furthermore, Finning is committed to collaborating with and providing reasonable accommodations /adjustments to individuals with disabilities. If you require an adjustment/accommodation at any point during the recruitment process, please inform your recruiter.