Must posses a minimum of four (4) years of experience with a minimum of six (6) of the following:

• Internet security protocols such as SSL, S-HTTP, S-MIME, IPSec, SSH
• TCP/IP, UDP, DNS, SMTP, SNMP
• Operating Systems such as MS, Unix, Linux, and Novell
• Intrusion detection systems and firewalls
• Approved GoC Cryptographic Algorithms
• Directory Standards such as X.400, X.500, and SMTP
• Networking Protocols (e.g., HTTP, FTP, Telnet)
• Network routers, multiplexers and switches
• Network hardening (for example: shell scripting, service identification)
• Wireless technology
• Technical threats to, and vulnerabilities of, networks
• Technical IT Security safeguards

AND

Must posses a minimum of three (3) years experience within the last eight (8) years in a minimum of 5 of the following :

• project management support to IT Security related projects; (2) requirements analyses and studies;
• options analyses;
• preparation of Statements of Work;
• provision of technical and administrative support to GoC for IT Security and Information Infrastructure Protection requirements analysis, concept definition, strategy development, planning, implementation and co-ordination activities;
• mathematical risk modelling;
• data security designation/classification studies;
• development of IT Security policy in the areas of:
• IT Security and assurance,
• standard C&A frameworks for IT systems,
• Information Infrastructure Protection,
• product evaluation,
• privacy,
• BCP,
• Contingency Planning and DRP, and
• R&D;

development of IT Security standards, procedures and guidelines pursuant to the requirements of:

• the NSP, GSP and supporting operational standards (e.g. MITS),
• departmental/agency  security policy, and
• other relevant standards, procedures and guidelines;
• development of iT Security risk assessment methodologies for application to GoC institutions;
• drafting terms of reference for IT Security specialists;
• drafting IT Security Service Level Agreements (SLAs);
• product evaluation policies, procedures and guidelines;
• product assessment methodologies, evaluations and reports;
• security architecture design and engineering support;
• IT software and hardware security products;
• IT  Security  protocols  at  all layers  of  the  Open  Systems  Interconnection   (OSI)  and
• Transmission Control Protocol I Internet Protocol (TCP/IP) stacks; (18) IT Security implementation support;
• activities related to authorization and authentication in physical and logical environments; prototype design and development;
• design/development of IT Security protocols;
• impact analysis for new software implementations, major configuration changes, and patch management;
• Public Key Infrastructure  (PKI) support, including:
  • interoperability and governance studies,
  • PKI Certificate Policy development,
  • PKI Certification Practice Statement development,
  • PKI Certificate Policy compliance inspections and audits, and
  • PKI Training;
• tasks directly supporting the departmental IT Security and Cyber Protection Program; (25) information backup strategies;
• Communication Security (COMSEC) and cryptographic product management;
• anti-virus management;
• (safeguard analysis and implementation for the physical protection of personnel and
• Information System (IS) assets;
• IT Security configuration management;
• security awareness, training, and knowledge transfer as follows:
• drafting and delivering departmental specific security awareness briefings,
• preparation of written and electronic security awareness bulletins and topics of interest, and
• preparation and conduct of courses, workshops,  and tutorials;
• Independent Verification and Validation (IV&V) support to IT Security related projects including:
• IT Security audits, including applicable reports, presentations and other documentation,
• reviews of contingency plans, BCPs and DRPs,
• development and conduct of tests and exercises, and
• project oversight;
• IT Security statistical analyses;
• system installation, configuration, integration, policy fine-tuning, operation, performance monitoring, and fault detection for:
• host and network intrusion detection and prevention systems,
• network and computer forensics systems,
• firewalls, VPNs, and network devices,
• enterprise network vulnerability tools, malicious code and content management tools, file integrity tools,
• remote management utilities,
• Enterprise Security Management (ESM)/ Security Information Management (SIM) systems,
• data preservation and archiving utilities, and
• threat agents analysis tools and other emerging technologies including privacy enhancement, predictive analysis, VoiP, data visualization and fusion, wireless security devices, PBX, and telephony firewall;
• system installation, operation, performance monitoring, and fault detection
• preparation of tailored IT Security alerts and advisories from open and closed sources;
• preparation and/or delivery of IT Security threat, vulnerability and/or risk briefings;
• analysis of iT Security tools and techniques;
• analysis of security data and provision of advisories and reports;
• onsite reviews and analysis of system security logs;
• incident analysis support, including:
• response mechanisms,
• coordination of all prevention and response plans,
• Emergency Operations Centre (EOC) activities,
• coordination  with the national Integrated Threat Assessment Centre and
• Government Operations Centre, and
• participation in the Integrated National Security Framework and National
• Cyber-Security Strategy;
• collecting, collating, analyzing, and disseminating public domain information related to networked computer threats and vulnerabilities, security incidents, and incident responses;
• research of open source material with a view to analyzing trends and emerging technologies;
• developing proof-of-concept models and trials for IT Security;
• analyses of R&D reports;
• participation in national / international R&D forums; and
• establishing and maintaining liaison to monitor, track and report on other nations' Information Infrastructure Protection initiatives, with the objective to assist the GoC in developing cross-border initiatives to the benefit of Canada.

AND

Must posses a minimum of three (3) of the following professional qualifications:

• CISSP / ISSEP from (ISC)2
• CISSP from (ISC)2
• CISSP / ISSAP from (ISC)2
• CISSP / ISSMP from (ISC)2
• CISM from ISAC
• CPP from ASIS
• CISA from ISACA
• GIAC / Any Silver audit certification
• GIAC / Any Silver Sec. Adm. certification
• GIAC / GSFP, GEIT Gold management certification
• Registration/licence to practice professional engineering in Canada

AND

Must posses a minimum of ten (10) courses successfully completed in the past eight (8) years.

Must meet one of the following:

University Degree in Computer Science, Engineering, Physical/ Natural Sciences, Mathematics, Criminology, Law, Political Science, International Relations, Economics, Public Administration, or Business, and a minimum of two (2) years cumulative experience in the last eight (8)  years in designing and/or implementing network security solutions

OR

College Diploma (two or three year program) in Computer Engineering Technology, Computer Technology (computer science), or IT Security, and a minimum of three (3) years cumulative experience in the last eight (8) years in designing and/or implementing network security solutions

OR