//   Careers

Senior Security Specialist

Location: Multimatic IT, Markham, Ontario, Canada

Posted: May 11th, 2023

OVERVIEW:

Multimatic is a privately held, global enterprise supplying engineered components, systems and services to the automotive industry. The company’s core competencies include the development and manufacture of complex mechanisms and body hardware, suspension systems and body structural components as well as the design, engineering and development of light weight composite automotive systems.

POSITION SUMMARY:

Multimatic IT Security team is looking for an enthusiastic security specialist to lead and further improve the capability of the company’ vulnerability and risk management program. The specialist will work with technical teams across various functions of IT and ensure the consistent, robust, and efficient approach to defending the company’s applications, databases, data repositories, middleware, servers, networks, and end points from a cyber-attack resulting from unpatched security vulnerabilities. Being an integral part of the IT Security team, giving input to help aid decision making and the identification of new security risks and causes. The IT Security Specialist will report to the Director IT Security.

WHAT WILL YOU DO:

  • Manage the life cycle of application, Operating system, Middleware, Data Base , Network security vulnerabilities, from identification to validation and remediation
  • Develop a formalized threat and vulnerability management program including a fully accessible and manageable CMDB / inventory of assets (or a combination of such systems resulting in this capability)
  • Enhances the current patching standards and processes and cover vulnerabilities across all system assets (operating systems, applications, network, Data Base , Middleware , IoT, OT)
  • Tracks the CVSS DB entries and receives daily alerts from several external sources
  • Partners with the other security functions and IT to understand the data flow across systems to understand the exposure risk and attack surface for a specific vulnerability to prioritize actions and risk responses
  • Proactively establishes good working relationships with external sources and other key parties
  • Perform regular security analysis of items assigned by management
  • Fulfill risk assessments around vulnerability and threat management and supports the risk assessment process and documents findings in the risk register
  • Analyze, produce current state documentation and deliver regular reports to management regarding projects affecting vulnerability and threat management capability
  • Forecast updates on the threat landscape or other critical issues with the development of a security intelligence capability
  • Provide influence over the overall information security program via attack surface reduction efforts
  • Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses, threat modeling and risk assessments, studying architecture/platform, identifying integration issues, preparing cost estimates
  • Design security systems by evaluating network and security technologies, developing requirements for Application offerings, DDoS protections, and related security and network devices
  • Drive developers and engineering managers to adopt architectural changes in security and adapt to the emerging security requirements and technologies, coach engineers to overturn assumptions and think big
  • Collaborate effectively with peer Architects and Application development teams to solve complex problems spanning their respective areas and resolve technological disagreement with informed, rational debate
  • Lead security projects from inception to creation of guidelines used to deployed security components into production

WHAT DO YOU NEED TO SUCCEED:

  • 5 + years of Information Security in various disciplines
  • Knowledge of security frameworks such as, ISO 27001/27002, NIST, OWASP, MITRE and Secure system development lifecycle (sSDLC)
  • Proven experience with Vulnerability Management, Threat Modeling, Threat Hunting
  • Degree/equivalent professional qualification or demonstrable experience in the field of Information Security
  • Proven track record in information/cyber security disciplines (Manufacturing industry)
  • Demonstrated leadership in the realm of information security to internal and external customers
  • Knowledge of common attack methodologies
  • Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems
  • Sound knowledge of network protocols, operating systems, and management systems with hands-on experience
  • Linux and Windows Administration Skills
  • Knowledge of OSI layer, Common Security Attacks in the OSI Layer Models
  • TCP/IP networking and standard protocols (FTP, SMTP, HTTP, SNMP)
  • Appropriate security certifications, such as CISSP, CISA, C|EH, CCSP

 KEY TRAITS FOR SUCCESS:

  • Passionate about Information Security and suggesting new technical and procedural solutions to improve security vulnerability detection and management
  • Able to quickly understand security vulnerability risk, issues and problems and take a logical problem-solving approach to their resolution
  • Positive and proactive in adding value in all areas of work
  • Passionate about success and continuous improvement
  • Effective verbal and written communication
  • Flexibility and willingness to learn new skills
  • Desire to innovate and to try new approaches to existing ways of working

WORKING ENVIRONMENT:                                                                                                                             

  • Office environment: approximately 15% travel required to local Multimatic office/production locations

Closing date for applications is June 9th 2023

If you are interested in this position, apply by sending us your cover letter and resume.
We thank all interested candidates in advance; however, only individuals selected for interviews will be contacted.
As part of our commitment to ensuring our employment practices are fair, accessible, and inclusive of persons with disabilities, recruitment-related accommodations for disabilities, are available upon request throughout the recruitment and assessment process for applicants with disabilities.
Apply Now