Vulnerability Management Specialist

You will lead the identification, reporting, and monitoring of all vulnerabilities affecting Moneris. Also, the Vulnerability and Penetration Testing specialist will lead the scoping, designing, and planning of penetration testing initiatives.

You will also have key responsibilities in reporting weekly and monthly vulnerability metrics to the Sr. Manager and CISO. Additionally, you will ensure continuous vulnerability scanning and reporting practices following PCI and Audit requirements.

In addition to maintaining routine vulnerability scanning and assessment efforts, you will monitor the threat landscape to assess, identify, report, and improve any vulnerability that may threaten Moneris.

Location: You will be based in our Toronto office and will work in a Hybrid model.

Reporting Relationship: You will report to Senior Manager, Security Operations.

• Monitor the threat landscape to assess, identify, report, and remediate any vulnerability that may pose a threat to Moneris.
• Conduct routine vulnerability scans and assessments on all assets and applications.
• Identify and report all vulnerabilities, security gaps, and weaknesses.
• Promote ongoing relationships with key stakeholders responsible for vulnerability remediation activities.
• Collaborate and plan VM assessments with external business partners.
• Scope, design and execute all penetration testing efforts.
• Lead ad-hoc penetration testing efforts and related projects.
• Produce weekly and monthly metrics on vulnerability status and remediation efforts to the Sr. Manager of Security Operations and CISO.
• Meet all PCI and Audit requirements concerning Vulnerability Management.
• Partner with application security and development teams on application-related vulnerabilities.
• Become an important player to the Moneris Vulnerability Management strategy and Cyber Security vision.

• Work experience in Vulnerability Management and Penetration Testing planning.
• Demonstrated understanding of vulnerability management standards (e.g., NVD, CVE, CVSS, CWE, OWASP and others).
• Experience in management and configuration of vulnerability assessment platforms (e.g., Rapid7 Insight VM, Nessus, Qualys VM, Kenna, Burp Suite, ZAP and others).
• Experience with administration of ITSM solutions used for vulnerability tracking and reporting (Service Now SecOPS VM module, JIRA and others).
• Knowledge of Risk-Based Vulnerability Management (RBVM) software and methodologies.
• Familiarity with Cyber Kill Chain, MITRE AT&CK, NIST CSF and other frameworks.
• Experience in developing and maintaining standard operating procedures for vulnerability management.
• Reporting background.

• Experience with multiple cloud providers (Azure, Google, Amazon) and knowledge of how to identify and improve vulnerabilities on these platforms.
• Experience with automation and orchestration tools or scripting.

• Comprehensive Total Rewards Program including bonuses and flexible benefits plans starting from Day 1.
• Learning & development programs and resources including unlimited free access to LinkedIn Learning, Coursera and an Educational Assistance Program.
• Holistic approach to your well-being, with an Employee Assistance Program for you and your family, monthly wellness events and a supportive workplace culture.
• Company-wide paid year-end closure & personal time off (including religious, personal, and volunteer days).

Find out more about the work perks and benefits you get as a Moneris employee at Moneris.com/careers

#LI-Hybrid

Note: We welcome and encourage applications from Indigenous peoples, people of colour, people with disabilities, people of all genders, sexual orientation and intersectional identities.

We acknowledge that people from equity-deserving groups (including racialized individuals, women, gender diverse individuals, individuals with disabilities, neurodivergent individuals, members of 2SLGBTQIA+ communities and those born outside of Canada) are less likely to apply for jobs unless they feel they meet all the requirements posted. At Moneris, we believe candidates bring experience to their work in many ways. We encourage you to apply and share, in the application form, the transferrable experience you bring, and how this will support your success in this role.

Moneris is Canada's largest financial technology company that specializes in payment processing.