Security Analyst



Posting Date

November 23, 2018

Position type




  • Overseeing the configuration, monitoring, logging, testing and assessment of various security and access control systems protecting the Firm’s information assets.
  • Working closely with managed security services, engaged third party service providers, external customers and supporting Information Security by preparing progress reports on metrics and trends, and projections for management reporting, as required.
  • Ensuring day to day IT operations are performed in accordance to security best practices.
  • Conducting the investigation of security incidents under the direction of the Manager, IT Security and in accordance to the IT Security management practices. This includes coordination of activities with IT and business teams in the Firm and external stakeholders.
  • Organizing and supporting various internal teams, and liaising with colleagues throughout the Firm to support the overall effectiveness of the information security function through projects as well as day to day operations.
  • Contributing to the identification and evaluation of information security threats.
  • Responding to network and system intrusion incidents and analyzing network traffic and system logs to recommend corrective action.
  • Participating in the biannual review of the firewall rule-set and periodic reviews of identity access management.
  • Developing and executing penetration testing process.
  • Planning, testing and designing controls, and evaluating operational plans, requirements and designs from an information security perspective.
  • Consulting on site and facility design from an operational security perspective.
  • Participating in incident response and management with participating in control monitoring.
  • Participating in various projects to provide subject matter expertise and advice from an information security perspective
  • Ensuring IT Technical Infrastructure documentation is developed, maintained and knowledge is transferred among IT stakeholders
  • Maintaining awareness of current and emerging threats and staying abreast of current technologies, developments, security compliance requirements, standards and industry trends.


  • University degree or equivalent in Information Technology or Information Security.
  • Minimum of 5 years of hands-on experience as a Security Administrator, Support Engineer or Consultant or similar IT roles involving frequent customer contact.
  • Experience with ISO 27001/27002 and/or Top 20 Critical Controls required.
  • Experience with information security risk assessment methodologies required.
  • CISSP, CISA, or CISM certification required
  • CEH or GPEN certification a strong asset
  • Experience with PEN testing
  • Strong written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • A critical thinker with strong problem-solving skills.
  • Knowledge of technological trends and developments in the area of information security and risk management.
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
  • Strong organizational skills, with a high attention to detail.
  • Role requires after-hours, weekend and holiday availability regularly

Qualified candidates are invited to submit their resume to:

E-mail : [email protected]

McCarthy Tétrault is an equal opportunity employer that fosters an inclusive, equitable, and accessible environment. We thank all applicants for their interest in McCarthy Tétrault; however, only chosen applicants will be contacted. We regret that we are unable to respond to individual inquiries about application status.