Specialist, Cybersecurity Operations

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more. 
• An inclusive workplace culture and environment.

About the role

We are seeking a highly skilled and experienced Senior Cybersecurity Specialist to join our IT Security Operations team and play a key role in protecting our digital infrastructure. This position is critical to advancing our cybersecurity maturity, ensuring compliance with Canadian government standards, and proactively defending against evolving threats. The ideal candidate will bring deep expertise in Microsoft 365 and Azure security technologies, incident response, and vulnerability management within a public sector context.
 

What you’ll do:

• Lead the implementation, integration, and optimization of Microsoft Security Suite tools, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Microsoft Sentinel, Microsoft Purview, and Intune.
• Conduct and oversee regular vulnerability assessments and penetration testing across enterprise systems, ensuring alignment with ITSG-33 and other government cybersecurity standards.
• Develop, enforce, and continuously improve system hardening standards for Windows, Linux, Azure workloads, and network devices using Microsoft Security Baselines and CIS Benchmarks.
• Lead incident detection and response efforts using Microsoft Sentinel and SOAR platforms, driving automation and continuous improvement in threat response workflows.
• Monitor, analyze, and respond to complex security incidents, coordinating across teams to ensure timely containment and remediation.
• Collaborate with IT, compliance, and business units to assess risks, implement mitigation strategies, and support secure digital transformation initiatives.
• Maintain and evolve security policies, procedures, and documentation to meet audit and regulatory requirements.
• Mentor junior cybersecurity staff and contribute to team development and knowledge sharing.

What you should have:

• Bachelor’s degree in computer science, Cybersecurity, or a related field (or equivalent experience).
• 5+ years of experience in cybersecurity, with a strong focus on Microsoft 365 and Azure security technologies.
• Solid knowledge of operational cybersecurity best practices. 
• Deep understanding of system hardening, secure configuration, and zero trust principles.
• Proven hands-on experience with Microsoft Defender XDR, Sentinel, Purview, and Azure AD/Entra ID.
• Expertise in penetration testing tools and methodologies (e.g., Kali Linux, Burp Suite, Metasploit).
• Knowledge of the NIST Cybersecurity Framework. 
• Experience with cloud security, particularly Azure, and identity governance.

It would be great if you also had:

• Scripting and automation experience using PowerShell, KQL, or Python.
• Familiarity with security frameworks such as NIST CSF, MITRE ATT&CK, CIS Controls, and ITSG-33.
• Strong analytical, problem-solving, and communication skills.
• Ability to lead initiatives independently and collaborate effectively in a compliance-driven environment.
• Azure Certified.
• Microsoft Identity and Access Administrator.
• Microsoft Administering Information Protection and Compliance in Microsoft 365.
• CISSP.
• Certifications such as CISSP, AZ-500, SC-200, MS-500, or OSCP are highly desirable.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion 

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion 

What happens after you apply 

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process.  If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!