Reporting to the Information Security Manager, the Cyber Security Analyst is responsible for recommending, implementing, and monitoring security measures to protect DDSB’s information assets. This includes securing cloud and on-premise infrastructures, using data to identify and mitigate risks, and filtering suspicious activity to prevent breaches. The role also leads frontline efforts to counter cyber threats through technical analysis, support, and by developing and maintaining a staff-wide information security training program.

Key Responsibilities Security Incident Response & Forensics

• Monitor network traffic to detect and respond to potential threats.
• Analyze incidents using professional judgement and security expertise.
• Execute timely response actions per the Incident Response Plan (IRP).
• Contain and mitigate the impact of security incidents based on situational context.
• Conduct root cause analysis and recommend improvements to security controls.
• Collect, analyze, and preserve digital evidence in the event of a breach.
• Support cybercrime prevention through detailed forensic reporting and data analysis.

Vulnerability Management and Analysis

• Guide and support execution of the Vulnerability Management (VM) Plan.
• Coordinate activities related to vulnerability scanning, patching, and remediation.
• Provide subject matter expertise and contribute to VM roadmap development and updates.
• Report on VM metrics, KRIs, trends, and compliance to IS Manager and Head of IT.
• Research, design, and maintain IT security solutions aligned with DDSB policies and legislation.
• Collaborate on the design of secure computer architectures with cross-functional teams.
• Implement controls to minimize risk of data breaches and data loss.

Risk Assessments, Threat Modeling and Reporting

• Identify, classify, and prioritize vulnerabilities across systems, applications, servers, and networks.
• Use vulnerability scanners and penetration testing tools to detect and assess risks.
• Analyze cyber risk posture and correlate with current threat landscape.
• Conduct gap analyses for IT and non-IT functions to assess security control effectiveness.
• Generate risk and vulnerability reports with actionable insights.

Security Awareness Training and Phish-Sim Tests

• Design and deliver online and in-person security awareness training campaigns.
• Communicate monthly security tips to keep staff informed and vigilant.
• Conduct phishing simulations to assess user awareness and program effectiveness.
• Analyze simulation results and training outcomes to identify improvement areas.
• Provide recommendations to the IS Manager for enhancing the training program.

Software Security Assessment

• Identify security weaknesses and risks in new and existing cloud software.
• Analyze and implement security controls to mitigate identified risks.
• Document assessment results and remediation plans in the Technology Approval Process (TAP) system.

Knowledge And Skills

• Sound knowledge of technical security controls, assessment and awareness training
• Excellent problem-solving, organizational and analytical skills
• Sound written and verbal communication skills
• Deep understanding of security incident response, root cause analysis and should have hands on experience with technical tools (SIEM, Scanners, Tests)
• Multitasking skills, ability to learn quickly and must be able to work under pressure with hard project deadlines

Education

• Completion of an undergraduate university degree in a related discipline or a combination of education, training and experience deemed to be equivalent.
• Must have a least one valid security certifications (CyberOps Associate, Security +, CEH or equivalent). CCSP, CISSP, or equivalent will be an asset

Experience

• 5 years Total Technology experience required
• 3 years Vulnerability Tools and Risk Assessments required
• 3 years experience Security Investigations required
• 3 years experience Security Awareness Training required

Additional Information

• This is a 35 hour per week, permanent position.

Equity and Inclusion The Durham District School Board recognizes Indigenous rights are distinct. In the exercise of those rights, Indigenous staff and students shall not be subjected to actions with the aim or effect of depriving these distinct rights.

The DDSB is dedicated to creating a welcoming and inclusive environment for all. We are committed to reflecting the diverse communities we serve and encourage applications from candidates who bring a variety of experiences and backgrounds. We adhere to fair, transparent hiring practices and are committed to equity and accessibility throughout the recruitment process. If you need accommodation during the application process, please let us know, and we will work with you to meet your needs.

Ignite Your Career At the Durham District School Board (DDSB), we inspire the lives of over 80,000 students. Our diverse communities are places where your impact will be felt every day.

Picture yourself in a workplace where your ideas are celebrated, and your growth is a top priority. Here, collaboration and innovation thrive. Whether you're directly inspiring young minds or providing essential support behind the scenes, your contributions will have a meaningful impact on students and the community.

We welcome you to bring your experiences, your passions, and your talents to our inclusive community. Join us and be part of a team that values your well-being as much as your contributions. Ignite your potential at DDSB and help us make a difference, one student at a time.

#DDSBISHIRING