Senior It Security Specialist

46833 - Toronto - Regular - Ongoing
Safety Comes First is a core value at Hydro One, and we remain committed to taking every reasonable precaution to ensure a respectful, safe and healthy working environment. Further to this commitment, we have adopted a COVID-19 Vaccination Policy to protect the health of our employees from the hazard of COVID-19. New employees will be required to declare their vaccination status to Hydro One. Employees who do not provide proof of vaccination status may not enter any 3rd party locations that require full vaccination (e.g. customer properties).
Hydro One is proud to be the largest electricity transmission and distribution provider in Ontario, serving nearly 1.5 million customers. We have a long history in the industry with our roots dating back over 110 years to 1906. Since then, we have worked to grow and evolve to meet the changing needs of our customers and communities across Ontario. Today, we’re focused on providing exceptional customer service and ensuring we are building safe communities where we live, work and play.
It’s an exciting time to join the team at Hydro One!

• NOTE* Hydro One introduced a Hybrid Work Pilot Project in 2022 for most office-based roles. Employees work in-office/on-site two days a week and remotely from home for three days a week. Hydro One is adding refreshed workspaces and technology to support these changes. Join us as we ‘trial & learn’ a new modern way of working and be a key driver of future state!

In office but with intention – a time for team and trust building, collaboration, and socialization. Please reach out to us to learn more!
The Senior IT Security Specialist will work within the OT Cybersecurity Technology & Operations team as a Defender Of Energy, protecting Hydro One Networks against Cyber Attacks and proactively assessing existing cybersecurity controls & cyber defenses.
Primary duties will include SIEM event correlation, triage and response, Vulnerability Management, Technology Management, Change Management, coordination of Penetration Testing and Project & LoB support as required. May support Threat Hunting and the analysis and dissemination of Threat Intelligence feeds.
Accountabilities

• Conduct IT security threat and risk assessments related to key and critical IT systems and networks as it relates to external threats, labor disruptions and internal wrong-doing.
• Provide day to day review analysis of the perimeter network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and monitoring for unauthorized data extraction.
• Provide assistance to physical security relating to Cyber asset security by identifying critical cyber related devices and determine IT system relevance.
• Assist in the assessment of IT Security work programs focused on the prevention, detection and response to breaches and malicious behaviors targeting Hydro One’s OT systems and networks.
• Review and recommend approval for sustainment adjustments as a result of remedial actions for risk reduction
• The incumbent must possess a strong client service orientation and a desire to help the business meet their objectives.
• Remain current with the safe and effective securing of evidence on a wide variety of wired and wireless electronic devices used for and within the Hydro One business.
• Participate in the ongoing development of Hydro One Security Policy, Procedures and Guidelines.
• Provide security scans of internal computer networks to search for unauthorized devices and to detect suspicious activity.
• Provide security architecture expertise to the projects.
• Provide scans to detect suspicious clearing of system audit logs, information leaks, IT sabotage-specific detection and to identify inappropriate access or transmission of sensitive data or use and presence of hacking tools.
• Remain operationally current for all key and critical Hydro One systems and networks to ensure investigations are necessary, core operational competencies and skills will improve and ensure that the full range of potential root causes are explored without putting at risk the continued operation of the system or network.
• Review server and network security for inappropriate activity/incidents such as large amounts of unauthorized data being moved or transferred or unauthorized access to confidential and or secret data.
• Conduct complex and technical IT investigations and address general queries regarding recovery, authentication, and analysis of electronic data when an investigation involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis.
• Complete detailed investigative reports outlining the key elements, evidence collected, findings and recommendations regarding IT security investigations.
• Conduct IT Data and Cyber Security awareness programs through presentation and education.
• Utilize ISD’s 5 Stage Project Methodology when delivering security guidance and services. Manage OT CyberSecurity sponsored projects. Manage or co-manage OT CyberSecurity Operations.
• Participate in Business and OT initiated projects. Ensure that security requirements for the projects are defined and captured. Catalogue all security risks within projects, including those created within the proposed solutions.
• Work with Law Enforcement High Tech crime groups and maintain an operational skills level in order to gather and protect key IT evidence that may lead to criminal, civil (or both) court proceedings.
• Catalogue all security risks with the project, including those created within the proposed solution and those generated through project activities; Review and recommend approval for proposed technology solution.
• Assist CSS Security Consultants in responding to their work programs.

Selection Criteria

• Must be willing to travel (minimal)
• 5+ years experience supporting a vulnerability management program, analyzing vulnerability data, running VA scans (Nessus, Qualys, Nexpose, etc), working with the LOB to remediate and validate, manage and prioritize risk, support the technology in an administrative capacity, etc.
• 5+ years experience in a Cyber Security Incident Response, Analysis & Triage related role
• The ideal candidate would be able to receive a federal government security clearance that is Secret/Top Secret
• 5+ years experience with scripting languages, e.g. Python, Bash, Powershell, etc.
• Bachelor in Computer Science (or equivalent) or College Diploma in Computer Studies considered an asset
• Prior working experience in Cyber Threat Intelligence and or Cyber Threat Hunting is a nice to have
• Prior working experience in an OT/ICS environment and working knowledge and understanding of various security control frameworks including NERC CIP and NIST is highly preferred and considered an asset
• 5+ years experience with SIEM technologies (IBM qRadar, RSA NetWitness, Splunk, ArcSight, ElasticSearch, , etc)
• 5+ years in a Cyber Defense Operations role or SOC team
• 5+ years experience working hands-on with Offensive Security tools, e.g. Kali with its hundreds of pre-installed tools, Metasploit, Burp Suite, Cobalt Strike, etc.
• 5+ years of experience with hands-on technical forensic investigations (EnCase Enterprise, Autopsy, Volatility, etc.)
• 7 x 24 rotational on-call support required for high priority security incidents
• Holds one or more of the following credentials is considered an asset: OSCP, OSCE3 or CISSP
• 5+ years experience working hands-on with IPS/IDS and APT prevention technologies in an administrative capacity

At Hydro One we understand that the success and strength of our business rests with our people. When we develop their skills, we are investing in both their success and ours. To secure the best talent, we seek to create a workforce that reflects the diverse populations of the communities where we live and work and to create a culture based on safety, innovation and inclusiveness.
We are honoured to be recognized by Forbes in its list of Canada’s Best Employers for 2022.
Thank you for considering a career with Hydro One, we welcome applications from all qualified candidates. If you are having difficulty using our online application system and you need an accommodation due to a disability, please email [email protected]. Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.
Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.
Deadline: May 22, 2023
In the event you are experiencing difficulties applying to this job please consult our help page here .