C.11 Information Technology Security Vulnerability Analysis Specialist

Experience levels

• Level 1: < 5 years of experience
• Level 2: 5– < 10 years of experience
• Level 3: 10+ years of experience

Responsibilities could include but are not limited to

• Review, analyze, and/or apply:
  • Threat agents analysis tools and other emerging technologies including privacy enhancement, predictive analysis, VoIP, data visualization and fusion, wireless security devices, PBX and telephony firewall
  • War dialers, password crackers
  • Public Domain IT vulnerability advisory services
  • Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & NMap
  • Networking Protocols (HTTP, FTP, Telnet)
  • Internet security protocols such as SSL, S-HTTP, S-MIME, IPSec, SSH, TCP/IP, UDP, DNS, SMTP, SNMP
  • Wireless Security
  • Intrusion detection systems, firewalls and content checkers
  • Host and network intrusion detection and prevention systems – Anti-virus management
• Identify threats to, and technical vulnerabilities of, networks
• Conduct on-site reviews and analysis of system security logs
• Collect, collate, analyze and disseminate public domain information related to networked computer threats and vulnerabilities, security incidents and incident responses
• Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings
• Completed tasks directly supporting the departmental IT Security and Cyber Protection Program
• Develop and deliver training material relevant to the resource category

Specialties could include but are not limited to

• SSL,
• S-HTTP
• HTTP
• FTP
• Telnet
• S-MIME
• IPSec
• X.400/X.500 Directory Standards
• X.509 Certificate Protocols
• TCP/IP
• UDP
• DNS
• SMTP
• SNTP