Senior Security Analyst, Information Security

Join to apply for the Senior Security Analyst, Information Security role at First National Financial LP

Join to apply for the Senior Security Analyst, Information Security role at First National Financial LP

Get AI-powered advice on this job and more exclusive features.

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca should you need an accommodation at any point in the recruitment process.

We are hiring a Senior Security Analyst, Information Security!

Reporting To

Manager and Team Lead, Information Security

Full-Time/Part- Time

Full-time

Posting Date

June 11, 2025

Closing Date

June 27, 2025

Hours Of Work

8:30 a.m. – 5:00 p.m.

Grade

Office Location:

14.4

Toronto, ON

Great location! Steps away from the main public transit station

What We Offer

Highly competitive compensation package includes base salary, bonus, benefits, and career advancement opportunities!

• Eligibility for benefits is dependent on the terms of employment
  
  

The Opportunity

The Senior Security Analyst shall support the Vulnerability Management practice. The candidate must be proficient in vulnerability management principles to supervise the Vulnerability Management practice with a strong focus on cloud security. The candidate shall be responsible for the identification and remediation support of any vulnerabilities pertaining to First National’s IT infrastructure. Strong communication skills are required for this role to enable effective communication between various stakeholders. Problem-solving and critical thinking are also essential for this role to manage escalations and resolve conflicting priorities.

How You Will Contribute

General

• Good Program Management skills to lead, contribute, and continuously mature the Vulnerability Management program.
• Non-business facing role but an ability to build strong relationships with internal teams and security leadership is essential.
• Engage with a team of Information Security professionals, and mentor and coach other security team members to provide guidance and expertise in their growth.
• Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve processes.
• Stay updated on emerging threats to cloud infrastructure.
• Collaborate with infrastructure teams to design and implement secure cloud configurations and best practices.
• Review and assess the security posture of IT solutions by emphasizing platform security controls.
• Assist in evaluating, selecting, onboarding, and managing vendors, solutions, and consultants, as applicable.
• Perform security assessments on new and existing IT solutions and report security gaps and relevant and adequate remediation actions.
• Review security tools and threat trends and lead security analysis efforts to identify threats and vulnerabilities to the organization’s IT infrastructure.
• Actively participate in the Change Management process to review and approve changes from an infrastructure perspective.
• Participate in security incident response activities.
  
  

Vulnerability Management

• Govern vulnerability assessment projects and support penetration testing and vulnerability remediation efforts.
• Develop and implement automation solutions to streamline vulnerability detection, remediation, and reporting.
• Oversee patch management activities by maintaining compliance with First National security standards and customer security mandates.
• Analyze security threats to cloud infrastructure and recommend appropriate mitigation strategies.
• Identify, prioritize, and remediate vulnerabilities in cloud infrastructure, applications, and services.
• Monitory and analyze cloud security posture using company CSPM tools.
• Provide actionable insights to leadership and stakeholders to improve cloud security posture.
• Track and report KPIs for vulnerability management.
• Lead projects by leveraging suggestions and insights from External Attack Surface Management platforms to drive security enhancements and remediate applicable risks.
• Coordinate periodic external and internal penetration testing and supervise the remediation tracking.
• Review issues identified in external/third-party penetration tests and track them to closure.
• Coordinate with IT Application and Infrastructure teams to coach, mentor, and assist them during vulnerability remediation activities.
• Prepare periodic reports for IT and Infosec Executive Management to showcase the current security posture of the Vulnerability Management Program.
• Ensure coverage of all IT assets by including them in the vulnerability management program scope and then reconciling it with the IT asset inventory.
• Spearhead the secure configuration audits to ensure IT assets (On-Prem and Cloud) are hardened as per industry benchmarks before their deployment.
• Supervise the periodic certificate scanning and coordinate with relevant stakeholders to address security issues.
• Stay current on new and emerging threats by leveraging threat intel and analyzing their applicability to the company’s IT environment.
  

Compliance

• Perform periodic firewall rule base reviews and guide the team with remediation of the findings.
• Support the Information Security Department to provide adequate evidence to support the audit and provide responses for remediations.
• Provide guidance and supervision on Information Security compliance to ensure Security controls are functioning appropriately within the organization.
  

Security Assessments / Architecture Review / Threat Modeling

• Support in performing security reviews on new and existing systems from an infrastructure/ platform/ environment perspective and report on any deviation from the company’s security standards and industry best practices.
• Support in performing periodic threat modeling and maintaining the model for currency and tracking of any risk remediation activities.
• Assess information technology control elements to mitigate IT security risks regarding the confidentiality, integrity, and availability of information and assets
  

The Experience You Need

• 5+ years of recent operational security experience
• Experience with several of the following topics:

• Software vulnerabilities & exploitation
• Vulnerability Assessments
• Penetration Testing
  

Educational Skills And Attributes

• Post-secondary education, university education, and technical certifications are required.
• Must have a working knowledge of:

• Vulnerability Assessment and Penetration testing
• Networking fundamentals
• Cloud security fundamentals related to Azure.
• Security tools such as Nessus, Nexpose, Qualys, Nmap, Kali Linux, etc.
• MS Defender suite of products
• Good to have knowledge of
• Threat modeling
• Application Security, OWASP, etc.
• Familiarity with threat hunting and Incident Response
• Security technologies (Firewalls, SIEM, etc.)
• Familiarity with PowerBI
• Support security incident investigation efforts by sharing evidence from available tools.
• Support in analysis of Indicators of Compromise (IoC) by analyzing data from available tools.
• Certifications and Skills

• Good to have
• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Security+
• OSCP
• Azure Fundamentals (AZ-900)
• Excellent verbal communication skills
• Outstanding written skills for preparing reports and briefings.
• Excellent analytical and problem-solving skills
  

Working Environment And Physical Demands Analysis

• Office environment
• Periods of high volume with tight timelines
• Long periods of stationary position/sitting
• Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
• Long periods of time in viewing a computer screen
• Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.
  
  

Why join First National?

• Competitive Compensation
• Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
• Hybrid working environment.
• Extensive training programs to set our employees up for success
• Modern office environment conducive to collaboration
• Supportive teamwork culture
• Opportunities to give back to the communities and work through events focused on a variety of charities
• Ongoing social events throughout the year
  
  

The Team You’ll Join

Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada’s largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applications for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.

#FNLOON

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Information Technology

Referrals increase your chances of interviewing at First National Financial LP by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.