Senior Information Security Analyst

Tucows (NASDAQ:TCX, TSX:TC) is on a mission to make the Internet better by providing people everywhere with online access to be empowered to make individual contributions. As a company, we embrace a people-first philosophy that is rooted in respect, trust, and understanding to encourage freedom, inspire innovation, and promote inclusivity; creating an environment for everyone to thrive!

Tucows has been working on the Internet since the days when people unironically called it the Information Superhighway. We are a 25-year-old global start-up embracing agility and creativity in order to continually seize opportunity for growth. We have evolved from a start-up domain service provider to becoming the second-largest domain wholesaler in the world while expanding our business with Ting, an Internet services company partnering with towns and cities to change what customers expect from their Internet Service Provider. We are building fiber networks across the US and have already launched Gigabit speed service in Maryland, Virginia, North Carolina, Colorado, Idaho and California, laying the groundwork for rapid scale.

Our growth has been incredible, smart, and measured, built on a solid technical and financial foundation. We have doubled our workforce in the last 4 years and continue in rapid expansion mode, providing services to millions of customers around the world.

Job summary:

The Senior Information Security Analyst is responsible for IT security solutions and responses for all corporate and production environments. This position will be responsible for designing, maintaining, configuring, troubleshooting, auditing, and documenting the status of all security initiatives and compliance solutions, as well as assisting with planning and improving incident response procedures. The Senior Information Security Analyst role supports the technology needs of the organization and Tucows clients to provide a robust, secure, and reliable computing environment.

This opportunity is 1 year contract with possibility of extension.

Duties:

• Handles sophisticated issues and problems, receives escalations of more complex issues from lower-level staff
• Abuse mitigation, incident prevention and response, and forensic analysis of security incidents
• DDoS prevention and mitigation
• Integrate security designs to ensure the organization's proprietary information (data and systems) are safeguarded.
• Conduct application security assessments
• Investigates security breaches to determine system weaknesses.
• Conducts testing and configuration procedures across products and systems.
• Analyzes security management systems, enterprise systems, and data files to validate security.
• Performs security analysis across networks, databases, and internet/web operations.
• Evaluate security plans to ensure the integrity of new and/or existing business operations.
• Translates and designs security requirements.
• Provides management with risk assessment briefings on products and/or services.
• Contributes to the Architecture Committee by advising and delivering Information Security solutions and recommendations
• Collaborate with the Engineering and Project management teams to complete security assessments as part of the release lifecycle.

Experience and Qualifications:

• Very strong email abuse prevention and mitigation experience
• Very strong DDoS prevention and mitigation experience
• Experience securing critical production environments to meet audit requirement (PCI, SOC2, ISO)
• Strong Knowledge in DevOps and DevSecOps processes, workflows, and technologies.
• Solid experience implementing security monitoring, logging, and alerting.
• Solid experience with containerized environments and orchestration (Docker, Docker Swarm, Kubernetes) and CI/CD
• Solid experience with cloud environments (AWS, Azure, OpenStack)
• Strong experience with security vulnerabilities, exploits, and practical mitigations. Knowledge of security vulnerability testing and mitigation tools (e.g. Network Vulnerability Scanners, SIEM,PullingMusselsFromAShell0!
• and SAST/DAST technologies).
• Solid experience with the development and execution of threat assessments and security testing methodology.
• Strong experience with network technologies (e.g. firewalls, gateways, switches, routers, IDP/IPS, concentrators, load-balancers)
• Solid Experience with network application protocols and their built-in security mechanisms (e.g. TCP/IP, SSL/TLS, IPSec, HTTP, SSH, SMTP, SNMP etc.), as well as internetworking design concepts and architectures.
• Strong knowledge of email administration - postfix, SPF, DKIM, DMARC

Qualifications:

• Proven ability in Information Security
• Coding and development experience with Java, Javascript, Node.JS, Python, GitHub, shell scripting
• Bachelor's degree in computer science or a related technical field.

We believe diversity drives innovation. We are committed to inclusion across race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status or disability status. We celebrate multiple approaches and diverse points of view.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.