Deploy, administer, and continuously enhance Mandiant Security Validation (MSV) within the Security Visibility program, including onboarding/updating adversary emulation content, scheduling and tuning validation runs, integrating results with detection/response processes, and producing actionable reporting/metrics to drive control and detection improvements.
Analyze information systems utilizing various cybersecurity techniques and lead security initiatives and enterprise level projects implementing security solutions and performing POC/POV for new technologies.
Able to work independently with high degree of ambiguity and deliver expected outcomes, be focused on the end deliverables, and build trust with internal clients and peers.
Responsible to deploy, support and maintain new and existing security technologies that are deployed within Sun Life and owned and supported by the team.
Implement risk driven security controls and provide SME (Subject Matter Expertise) during Audit.
Investigate and respond to security incidents, adhering to defined SLA’s..
Identify risks to the business and recommend strategies to address those risks.
Manage the capacity and resiliency of security systems protecting Sun Life’s internal and client data.
Collaborate and build trust with security peers, vendors, and other Sun Life teams to enhance security posture and best practices.
A change catalyst for Digital transformation, using JIRA, Confluence, estimating stories, setting definition of done, completing and tracking story updates and assignments.
Smoothly transition and operationalize projects and products. This includes developing roles & responsibilities (RACI), completing product documentation and educating the teams who will be performing BAU (Business as usual) the day-to-day work.
Document, update and maintain cyber security playbooks, policies and knowledge base articles used to support the established Incident Management and CSIRT processes.
Continuously improve operational and security platform processes.

Requirements

Minimum 5-7 years Information security and engineering experience with enterprise level security technologies in the one or more areas of: Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, and Automation and Orchestration
Minimum 3-year experience in successfully leading global information security projects.
Previous security related experience in penetration testing, security investigations, or red team exercises
Experience with security control validation (e.g., MSV), including MITRE ATT&CK mapping, translating findings into detection/control improvements, and communicating outcomes using clear reporting and metrics.
An Information Technology University degree/college diploma in related discipline(s) or equivalent work experience
Experience with security validation / breach-and-attack simulation platforms (e.g., Mandiant Security Validation (MSV)), including adversary emulation and using results to improve control effectiveness and detection coverage.
Experience in managing 3rd party security service providers in delivering security services.
Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering
Knowledge of a broad range of security controls and risk management frameworks NIST & (ISO) 2700x standards
Experience planning, researching, and developing security policies, standards, and procedures.
Experience in a system administration role supporting multiple platforms and applications.
Experience with Windows and Linux based operating systems.
Experience in deploying enterprise level technology via managed projects using Scrum and Kanban methodologies.
Knowledge of networking technologies, firewalls, web application firewalls and intrusion detection and prevention systems.
Knowledge of AWS cloud technologies.
Knowledge of disaster recovery, technologies, and methods.
Extensive knowledge of Information Security principles, protocols, practices, and industry standards

Benefits

Wellness programs that support the three pillars of your health – mental, physical, and financial
The opportunity to move along a variety of career paths with amazing networking potential.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securitysecurity engineeringpenetration testingsecurity investigationsred team exercisessecurity control validationadversary emulationincident responsedetection engineeringrisk management frameworks

Soft Skills

independent worktrust buildingcollaborationchange catalystcommunicationproject managementproblem solvingadaptabilityleadershiporganizational skills