Share this Job

Security Analyst III -Rapid7/Nexpose

Apply now »

Date: Jan 9, 2019

Location: Mississauga, ON, CA

Company: TJX Companies, Inc.

Are you ready to explore career opportunities at TJX Canada and join our team?  TJX Canada is part of The TJX Companies, Inc., the world’s leading off-price retailer of apparel and homeware worldwide, and in Canada, our retail chains include Winners, Marshalls and HomeSense.

In the retail business, we move fast. We’re always adapting, evolving and innovating. And the fast pace brings variety and challenge, along with many growth opportunities.  We operate hundreds of stores in hundreds of cities.

TJX’s retail chains include TJ Maxx, Marshalls, HomeGoods and Sierra Trading Post in the United States TK Maxx in the United Kingdom, Ireland, Germany, Poland, Austria and the Netherlands, as well as HomeSense in the United Kingdom and Ireland; and TK Maxx in Australia.

As a retailer committed to growth, success is always in style at TJX!

Layla is a Senior Rapid7/Nexpose Engineer in our Systems Department.  She is responsible for our security tools suite.  As a security analyst on this team you will focus on maintaining, improving and optimizing our tools.  You will scope and deliver business and risk metrics relating to service performance, identify/recommend/implement process and technology improvements and perform security reviews.

 

It’s easy to create a team. But what makes the team work? We believe it’s having individuals like Layla  on board. She creates momentum by inspiring colleagues to think outside the box and share ideas freely. Teamwork means striving for a work environment where each team member is valued for their individual talents and ideas.  And that’s how Layla contributes here with us.

 

Now, if you were to come on board as one of our Senior Rapid7/Nexpose Engineer, we’d ask you to do the following:

 

  • Performs all procedures of basic to high complexity necessary to ensure the core objectives of IT Security.  Reviews and maintains security operations for large organizational units and/or complex enterprise-wide projects
  • Serves as technical lead on functional teams or projects and serves as a best practice / quality resource
  • Performs basic to complex security reviews to ensure compliance with internal security standards and regulatory requirements
  • Interfaces with user community to understand their security needs.  May implement procedures to meet user needs
  • Acts as a subject matter expert for at least one area within IT Security (ITIM, SOC, etc.) to ensure that the user community understands and adheres to necessary procedures to maintain security
  • Conducts accurate evaluations of the level of security required for highly complex systems.  Provides management with status reports
  • Performs root cause analysis of moderately complex to highly complex security issues and determines the best course of action to remedy the problem
  • Performs other duties as required
  • Investigates and resolves security incidents as needed
  • Ensures that IT Security architecture / designs, plans, controls, processes, standards, policies, and procedures are aligned with IT standards and overall IT Security objectives
  • Identifies security risks and exposures, determines the causes of security violations, designs and implements procedures to prevent and mitigate future incidents
  • Able to create and execute short to medium term strategies
  • Proactively Determines if an event needs to be escalated to management or outside of the unit
  • May recommend new policies and procedures to management and has wide latitude to decide on the best course of action for new procedures
  • Recommends course of action for low to moderately complex situations
  • May provide guidance and training to more junior associates
  • May provide budgetary recommendations for future projects / security tools / applications

 

Sounds rather challenging and exciting, right? Let’s hope so, because if it sounds easy or boring, there’s a good chance this job isn’t for you. But if it does sound right for you, here’s why we know you’ll be able to handle those challenges.  You have:

 

  • 6+ years of IT experience with 5+ years of direct experience in a Security Engineering role.
  • Must have experience in engineering Rapid7 Nexpose, Symantec CCS, Tripwire or equivalent tools
  • Must have solid understanding of applications and system architectures and best practices
  • Deliver technical security configuration expertise in implementing enterprise-wide vulnerability and compliance ecosystem
  • Act as trusted security professional with ability to provide strategic and technical direction in leading activities in computer security concepts including Identity & Access Management, Network Security, Application Security, Incident Management, and Risk & Compliance
  • Experience understanding operational and security requirements and translation of those requirements into technical capabilities. We’ve a particular interest in candidates with hands-on experience with Rapid 7 Nexpose, CCS and Tripwire
  • Ability to mentor and coach IT Security professionals
  • Ability to effectively communicate and advocate key security requirements and control implementation to development team
  • Must have development skills and a solid understanding of secure SDLC
  • Knowledge and understanding of information technology industry trends and emerging technologies and an ability to relate them to the company and its objectives
  • Familiar with IT Regulations, PCI/Sarbanes-Oxley/Mass Privacy laws
  • Bachelor's Degree or equivalent experience
  • Relevant security industry certifications preferred including but not limited to CISSP, SSCP, and CISM etc.
  • Must have expert level understanding of computer security concepts including Identity & Access Mgmt, Network Security, Application Security, Incident Management, or Risk & Compliance
  • Must have a moderate understanding of network concepts and protocols (such as DNS, SMTP, FTP, etc.)
  • Expert knowledge and understanding of information technology industry trends and emerging technologies and an ability to relate them to the company and its objectives
  • Excellent aptitude for IT Security
  • Familiar with IT Regulations, PCI / Sarbanes-Oxley / MA privacy laws
  • Solid working knowledge with MS Office
  • Expert knowledge of tools and products used in day to day performance (e.g. SourceFire, ITIM, ArcSight)

Success is our favorite outfit! As proud as we are of our past success, it’s our future that excites us most. We strive to provide opportunities for growth, recognition and a competitive salary and benefits package. Share our determination to think bolder and bigger and be part of our future. Apply now.

Here at TJX Canada we are an equal opportunity employer committed to the inclusion and accommodation of all individuals. For additional assistance please email accessiblecareers@tjxcanada.ca.


Job Segment: Engineer, Law, Compliance, Corporate Security, Engineering, Legal, Security