Career opportunities at Bell Canada

Senior Penetration Testing Specialist – Information Security Response

Bell is currently seeking a candidate for the position of Senior Penetration Testing Specialist – Information Security Response. Reporting to the Senior Manager, Information Security Response, the candidate is responsible for the design and performance of application security robustness tests as part of the vulnerability assessment and penetration testing program for Corporate Security’s Information Security organization. The specialist will assist with the identification and tracking of remediation of risk issues, advise on mitigation safeguards, processes and security best practices and act as a spokesperson and expert on related subjects.

Responsibilities:

 Perform security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.

 Proficiency with application and network vulnerability analysis in areas such as secure coding practices, network design and operation, software development life cycle and cloud application security.

 Experience with and expertise in designing secure software development lifecycles with code review processes and in triage and identification of website security vulnerabilities for penetration testing and manual assessment.

 Ability to produce, review and advise on web application architectures, application hardening guides and policies and configurations for incident response and event management.

 Experience with design and deployment of configuration with Web Application Firewall for website security purposes

 Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders. Track vulnerability risks to closure with GRC and participate in on going GRC use case development.

 Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that meet objectives.

 High degree of initiative, dependability and ability to work with little supervision.

Required qualifications:

 Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent.

 Seven (7) years’ experience in information security

 In depth knowledge of security testing tools and methodologies, including penetration testing and vulnerability assessment tools, and associated result analysis.

 In depth knowledge of networking design, routing and firewall segmentation of networks.

 The following certifications are an asset: CSSLP, CISSP, CEH, GPEN, OSCP, Cisco/Fortinet security certifications

 Sound document writing skills

 Good knowledge of common office tools.

 Ability to communicate in French is an asset

 Existing Secret clearance or ability to obtain is preferred

Note:

The successful candidate must successfully go through extensive background verifications including but not limited to criminal record and reputational checks

All Security personnel are required to sign a letter of non-disclosure which prevents them from divulging sensitive information that they may be exposed to during their assignment. This policy is strictly enforced.

Behaviour skills:

 Initiative

 Sense of collaboration (teamwork)

 Interpersonal Skills

 Ability to influence

 Compliance with commitments

 Results Orientation

 Verbal and written

 Supervision and monitoring

To apply, contact Marlon Gibbs :

marlon.gibbs@bell.ca

Senior Cyber Security Incident Handler – Information Security Response

Bell is currently seeking a candidate for the position of Senior Cyber Security Incident Handler – Information Security Response. Reporting to the Senior Manager, Information Security Response, the candidate is responsible for the development, coordination and response during and before cyber security incidents across Bell Canada’s enterprise network, business units and subsidiaries. The cyber incident handler will identify threats, initiate response and coordinate enterprise wide recovery.

Job Duties/Accountabilities:

 As a key member of Bell’s CIRT (Cyber Incident Response Team), participate in the response to cyber threats and incidents and engage directly with operational teams, stakeholders and leadership

 Respond to incidents and coordinate stakeholders in the identification, containment, impact assessment and remediation of cyber threats

 Perform and conduct network forensics, endpoint and application log analysis to identify and contain cyber threats

 In collaboration with Bell SOC and analysts leveraging SIEM, determine use case improvements for SIEM log correlation and for security analytics

 Develop methods to leverage Cyber Threat Intelligence in the identification and triage of threats

 Develop new automation opportunities through the orchestration of incident response processes and playbooks for managing cyber threats

 Lifecycle management of cyber incidents including ticket resolution, reporting of key metrics and creation of reporting dashboards and analytics

 Analyse security information and artifacts such as scan results, logs, and files in all phases of incident response. Participate and define incident handling methodologies to proactively manage security risk

 Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders. Track incident risks to closure with GRC and participate in on going GRC use case development

 High degree of initiative, dependability and ability to work with little supervision

Critical Qualifications/Competencies:

 Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent

 Seven (7) years’ experience in information security

 In depth knowledge of TCP/IP, Firewall/IPS/HIPS, Forensics, Vulnerability management, SIEM log correlation

 Knowledge of Malware mitigation techniques, Network security, Advanced malware protection mechanisms and Breach Detection response technology

 The following certifications are an asset: GCIA, GCIH, CISSP, EnCE