At Bell, we do more than build world-class networks, develop innovative services and create original multiplatform media content – we advance how Canadians connect with each other and the world.

If you’re ready to bring game-changing ideas to life and join a community that values, professional growth and employee wellness, we want you on the Bell team. 

Bell is making unmatched investments in our world-leading broadband fibre and wireless networks because we know they’re the backbone of the products and services our customers love. If you’re excited about transforming the way people connect, our Network team is the right place for you.   

Summary

Bell is a leader in wire-line and wireless network technologies in Canada, providing high-quality connectivity services to a wide variety of IoT clients (Internet of Things). We are now leveraging this experience and network quality to develop a strong portfolio of custom solutions for our corporate partners.

We are looking for a very hands-on lead security engineer that has good experience with IT infrastructure deployment (including automation), security hardening, and Authentication & Authorization concepts and tools (gateways). We're seeking a candidate that is very comfortable with the execution of this kind of deployment, someone who likes to have his hand dirty and very efficient at doing an actual deployment of an architecture. You will need to have a good knowledge of security concepts and standards on network, IT infrastructure & cloud.

The role will be technical lead of an agile cross-functional team, focused on delivering security and non-security features that enable our solution teams to work faster and more securely.  On the technical side, you and your team will own the solutions that you propose, design and deliver, and work alongside other cross-functional teams to collaborate on delivery.  On the business side, you will build and maintain a roadmap to meet internal customer needs, coordinate with partner teams and stakeholders to ensure alignment with the needs and business.

 Job Duties/Accountabilities:

Analyze new security features request, build the cross-functional dependencies with respect to functional and non-functional requirements, provide end to end solution, and lead the solution deployment and development

Take ownership of current solutions, including a Redhat SSO (Keycloak) platform and related Authentication and Authorization framework, providing support to multiple tenants and lifecycle management

Lead delivery of Secret management and TLS certificate management for several projects in IoT.

Review proactively current deployed security architectures and measures, and recommending and implementing enhancements

Conduct regular system tests and ensuring continuous monitoring of network security

Create and deliver best practice recommendations, tutorials, sample code, and presentations adapted to technical teams

Automate manual tasks where appropriate using Ansible and similar tools

Establish disaster recovery procedures and conducting breach of security drills

Promptly respond to all security incidents, coordinate with other internal security teams, and provide thorough post-event analysis

Deploy and maintain various security and non-security solutions hosted both on-prem in Openstack or OpenShift, or in-cloud

 Critical Competencies / Qualifications:

Excellent written and verbal communication skills

Proactive and well organized, leadership and soft skills

Able to advocate for your technical roadmaps and solutions to less-technical business and management teams, using business benefits

+10 years of experience working in IT infrastructure, system administration of Linux environment, and software development. 

Very familiar with networking and network troubleshooting in a complex multi-cloud environment

Thorough understanding of the latest security principles, techniques, and protocols.

Experience with network security and networking technologies, and with system, security, and network monitoring tools

Experience with solutions for AAA (Authentication/Authorization/Accounting) including MFA SSO, and Identity Management, Encryption, Event correlation, Identity management, and Access management

Knowledge and understanding of Authentication and Authorization protocols and artifacts: OpenID Connect, JWT token, OAuth2, SAML, etc.

PKI & TLS knowledge (HTTPS, Encryption, Signatures, etc.)

Production experience with Openstack, OpenShift, and Kubernetes, including sidecar functionality (Istio, consul, etc.)

Solid understanding of Zero Trust Pillars, frameworks, and implementation strategies

Knowledge and understanding of Endpoint Detection and Response (EDR) solution and implementation strategies

Knowledge and experience in security systems, including firewalls, WAF, intrusion detection systems, anti-virus software, authentication systems, log management, etc

Experience building automation using orchestration tools such as Ansible, and Infrastructure-as-code tools, such as Terraform

Programming experiences plus source code management using Git, MR & PR workflows, code reviews. Comfortable building and maintaining CI/CD testing and deployment pipelines.

Ability to build and maintain utility or automation scripts in bash or python

Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability

Good working knowledge of current IT risks and experience implementing security solutions

Ability to interact with teams and individuals with a wide range of security understanding to explain and ensure alignment on security measures

 Preferred qualifications:

Production experience with KeyCloak/Redhat SSO deployment, configuration, and operation

Linux Administrator/Engineer certification

Internet of Things (IoT) framework and main protocols knowledge such as MQTT and CoAP

Messaging Bus: AMQP, Kafka

Knowledge of Wireless and Mobile networks, especially 5G, LTE-M, LoRA, NB-IoT as asset

Programming and automation language knowledge and experience: Node.js, Java, Ansible

Knowledge of HashiCorp Vault

Security certifications: CISSP, SSCP, CEH, Security+, CISA

Azure certification

Kubernetes certification

FortiNet and F5 knowledge as asset

Bilingual French and English an asset