The Opportunity

ZEMA Global Data Corp. (ZEMA) is a global leader in developing enterprise data management and analysis software. We design and develop ZEMA, a sophisticated suite of products that provides clients with robust capabilities for data collection, process automation, and business intelligence through web-based analytical tools, services, and dashboards. We work with world-class energy, commodities, and finance companies to serve users in trade, risk management, and IT. Our UK office is located in Brighton, UK. Our head office is located in Richmond, BC, Canada, and we have operations in Calgary, Houston, Raleigh, and Singapore. 

Job Summary

The Information Security & Compliance (ISC) team in ZE is growing. We are looking for a passionate information security expert to join our ZE family and help us improve our security posture. At ZE, Information security and privacy matters are top priorities from top management to all ZE teams and staff. ZE is committed and responsible for providing a secure, reliable environment for our world-class clients across the globe. The successful candidate will have the opportunity to learn and gain valuable security experience dealing with various technologies and domains and build up their security journey. The job location is in ZE Head Quarters in Richmond, B.C.

Job Description: 

• M365 Security Solution Deployment and hardening: Deploy, configure, and manage M365 security solutions including Defender series (office 365, Endpoint, Cloud Apps, Identity, BitLocker encryption), conditional access, Privileged Identity Management (PIM) and Intune. Implement hardening measures within M365 to enhance the security of ZE environment.
• Active Directory Security: Use of appropriate tools (i.e. Pingcastle or bloodhound) to review and remediate vulnerabilities on Microsoft Active directory. Implementation of Least privilege on active directory using an effective framework. 
• Follow up with ITS and ensure remediation of the alerts from security monitoring tool (malware analysis, threat hunting, alerts from security system & devices (AV, email gateway, Firewall, network devices, AD Audit+ etc.)
• Ensure the appropriate security scanning technologies are properly configured and managed.
• Run and analyze vulnerability and compliance scans to support vulnerability management and report all critical vulnerabilities and their status to the ITS team, Director, Quality & Compliance, and other relevant stakeholders.
• Ensure security event and cyber threat monitoring, analysis and reporting including documentation and mitigation of discovered cyber risks.
• Security Incident Handling: Investigate security alerts, analyze, and respond to security incidents. Act as the escalation point for security incident, collaborate with managed defense and response service provider to ensure timely and effective incident resolution.
• System Security: Collaborate with the ITS team to review security configurations, identify security vulnerabilities, and recommend hardening requirements. You will be expected to have a thorough understanding of Windows and Linux Operating Systems, command-line tools, and some experience with scripting language.
• Procedure and Documentation writing: Develop and maintain security operation procedure, incident response playbook, system hardening standard to ensure ZE security practices are documented and adhere to best practices and standards.
• Threat Intelligence: Stay current on latest security trends and threats and proactively hunt for potential threat actors on the network.
• Participate in projects committees, meeting, and engagements; Have a good knowledge of business risks associated with common security vulnerabilities and be able to effectively communicate same to application developers, ITS Team and/or senior managers effectively.
• Work with ITS team to implement security controls and assist the InfoSec team to fulfill other security tasks as required.

Ideal Candidate

• Undergraduate degree in Information Security, Information Technology, Computer Engineering, Information Systems Management or equivalent
• Minimum five years work experience in Information security, with a focus on security solution deployment and incident response.
• Strong knowledge and hands-on experience with Microsoft 365(M365) security solution including Defender series (office 365, Endpoint, Cloud Apps, Identity, BitLocker encryption), conditional access, Privileged Identity Management (PIM) and Intune and Purview as well as M365 hardening.
• Strong knowledge on Microsoft Active Directory and Microsoft Entra ID
• Be highly knowledgeable and experienced with Windows and Linux operating systems.
• Experience with Threat intelligence and security incident handling.
• Experience in managing firewalls would be an asset.
• Knowledge of Networking Protocols and services such as TCP/IP, SNMP, DNS, DHCP, ISCSI
• Nice to have Encryption and Key Management lifecycle knowledge, including generating, using, storing, archiving, and deleting keys.
• Nice to have knowledge of Application Security best practices
• Strong verbal and written communication skills. Able to convey technical information to non-technical stakeholders.
• Strong analytical and problem-solving skill
• Knowledge of Information security & risk assessment methodologies/frameworks/standards such as NIST / ISO 27001
• Having one or more of the below security certificates:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Microsoft 365 Certified: Security Administrator Associate
  • Microsoft Certified: Azure Security Engineer Associate

About Us

ZEMA Global Data Corp. (ZEMA) is the global leader in the development of enterprise data management and analysis software. We are the developers of ZEMA, a sophisticated suite of products that provides clients with powerful capabilities for data collection, process automation, and business intelligence through web-based analytical tools, services, and dashboards. We work with world-class companies in every industry including energy, commodities.