Senior Security Analyst - Cloud Security, Information Security

Toronto, ON, Canada

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation, and any other category protected by law.

We support requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca if you need an accommodation during the recruitment process.

Reporting To:

Manager and Team Lead, Information Security

Full-Time/Part-Time:

Full-time

Posting Date:

May 2, 2025

Closing Date:

May 16, 2025

Hours of Work:

8:30 a.m. – 5:00 p.m.

Location:

Toronto, ON — steps away from the main public transit station

Highly competitive compensation package including base salary, bonus, benefits, and career advancement opportunities! *Eligibility for benefits depends on employment terms.

The Senior Security Analyst will support the Vulnerability Management practice, focusing on cloud security. Responsibilities include identifying and remediating vulnerabilities in First National’s IT infrastructure. Strong communication, problem-solving, and critical thinking skills are essential for managing escalations and conflicting priorities.

• Lead and mature the Vulnerability Management program with good program management skills.
• Build relationships with internal teams and security leadership.
• Mentor and coach security team members.
• Manage third-party security partners.
• Stay updated on emerging threats to cloud infrastructure.
• Collaborate on designing secure cloud configurations.
• Assess security posture of IT solutions and recommend improvements.
• Evaluate and manage vendors and solutions.
• Perform security assessments and report findings.
• Review security tools and analyze threats.
• Participate in Change Management and security incident response activities.

• Oversee vulnerability assessments, penetration testing, and remediation efforts.
• Develop automation solutions for vulnerability detection and reporting.
• Manage patching activities and compliance.
• Analyze threats and recommend mitigation strategies.
• Use CSPM tools to monitor cloud security posture.
• Report KPIs and security status to leadership.
• Lead projects using insights from Attack Surface Management platforms.
• Coordinate penetration testing and remediation.
• Mentor teams during vulnerability remediation.
• Maintain comprehensive reports on vulnerability management.
• Ensure all IT assets are included in the vulnerability scope.
• Conduct configuration audits for IT assets.
• Supervise certificate management and address security issues.
• Stay current on emerging threats through threat intelligence.

• Review firewall rules and guide remediation.
• Support audit processes with necessary evidence.
• Ensure security controls are functioning properly.

• Perform security reviews of systems and report deviations.
• Maintain and update threat models.
• Assess controls to mitigate security risks.

• 5+ years of operational security experience.
• Experience with Vulnerability Assessments and Penetration Testing.

• Post-secondary education and relevant certifications.
• Knowledge of vulnerability assessment, cloud security (Azure), and security tools (Nessus, Nexpose, Qualys, Nmap, Kali Linux, MS Defender).
• Preferred knowledge: Threat modeling, Application Security (OWASP), threat hunting, incident response, firewalls, SIEM, PowerBI.
• Certifications: CEH, CISSP, Security+, OSCP, AZ-900 are advantageous.
• Excellent report writing, analytical, and problem-solving skills.

• High-volume periods with tight deadlines.
• Sitting and computer use for extended periods.
• Multitasking, including communication and data analysis.

• Competitive compensation and comprehensive benefits.
• Hybrid work environment.
• Training programs, modern office, supportive culture, community involvement, and social events.

Founded in 1988, First National is a leading Canadian mortgage lender, recognized as a great place to work with high employee engagement.

We thank all applicants; only those selected for interviews will be contacted.