Our client in the public sector is seeking a contract based Data Analyst to support their Cyber department.
Duration: 6 months + extension
Hybrid: 3d/week Toronto
Responsibilities
• Deliver comprehensive Vulnerability Management reporting and metrics, including KPIs and KRIs.
• Perform regular vulnerability, discovery, and policy scans across IT and OT systems.
• Configure and maintain asset tagging (criticality, ownership, function, location, etc.).
• Generate and present scheduled scan reports
• Conduct policy compliance scans against CIS benchmarks and relevant industry standards.
• Issue patch advisories and coordinate remediation efforts with stakeholders.
• Support onboarding of new entities for both IT and OT domains.
• Manage VM operational activities, including system maintenance and dashboard configuration.
• Develop custom dashboards to display vulnerability data tailored to specific divisions and agencies.
• Leverage threat intelligence and contextual data to improve vulnerability prioritization.
• Collaborate with cross-functional teams to recommend and implement mitigation strategies.
• Contribute to initiatives that expand vulnerability management coverage and maturity across the enterprise.
Requirements
• 3–5 years of hands-on experience in vulnerability management using Tenable IT and OT stacks.
• Proven experience in identifying, assessing, and remediating vulnerabilities within large or complex government or private-sector environments.
• Solid understanding of Operational Technology (OT) systems such as SCADA, ICS, and other industrial control environments.
• Familiarity with OT security standards (IEC 62443, NERC CIP, or similar).
• Experience integrating vulnerability management tools with SIEM, EDR, ITSM, and Threat Intelligence platforms.
• Cybersecurity certification (e.g., CISSP, CEH, OSCP, or equivalent) required.
• Technical certifications (e.g., Tenable Vulnerability Management Specialist, OT Security certification) are an asset.
• Strong grasp of networking protocols, operating systems (Windows, Linux), and cybersecurity principles.
