Information Security Specialist - Vulnerability Management (Infrastructure & Containers)

Toronto, Ontario, Canada

37.5

Technology Solutions

$91,200 - $136,800 CAD

The Senior Information security analyst is responsible for identifying, assessing, prioritizing, and coordinating responses to security vulnerabilities within the organization's systems, applications, and networks. This role requires a deep understanding of vulnerability management, risk assessment, and cross‑functional collaboration to ensure timely remediation and alignment with organizational security objectives.

• Vulnerability Management and Triage: Oversee the end‑to‑end vulnerability triage process, develop and maintain a triage framework, analyze vulnerability reports, and ensure accurate classification and assignment.
• Collaboration and Coordination: Work closely with system owners, application teams, DevOps, and IT infrastructure; act as liaison; collaborate with threat intelligence teams.
• Risk Assessment and Prioritization: Develop and maintain a risk‑based approach and establish remediation timelines.
• Process Improvement: Implement and optimize workflows, continuously review and refine policies, and stay updated on best practices.
• Reporting and Metrics: Define and track KPIs and create regular reports.
• Leadership and Team Management: Manage and mentor the triage team, provide training, and foster a security culture.

• Provide technical expertise and oversight for container scanning, prioritization, and remediation.
• Lead contributor to enterprise‑level initiatives pertaining to container security and risk remediation.
• Effectively communicate critical vulnerabilities, impacts, associated risk, and remediation priorities to cross‑functional leadership teams.
• Help build and enforce technology controls and container security standards.
• Influence behavior to reduce risk and foster a strong technology risk management culture.

• Education: Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• Experience: 5+ years in vulnerability management, security operations; 2+ years in a leadership role.
• Technical Skills: Expertise in vulnerability scanning tools, knowledge of CVSS and threat modeling, strong understanding of OS, cloud, networks, and application security, familiarity with compliance frameworks.
• Soft Skills: Strong analytical and problem‑solving skills, excellent verbal and written communication, proven ability to manage multiple priorities.

• Certifications such as CISSP, CISM, CEH, or GIAC.
• Experience with threat intelligence platforms and integration.
• Familiarity with automation tools and scripting languages (Python, PowerShell).

Sans Objet