• Execute and monitor periodic vulnerability scans across internal infrastructure and cloud platforms. • Conduct periodic scans to support compliance requirements. • Perform External Attack Surface Assessments on internet-facing assets. • Assist in validating scan results and identifying false positives. • Analyze Vulnerability scan results to identify security gaps and potential threats. • Prioritise Vulnerability scan report based on risk severity and business impact. • Report findings to asset owners and relevant stakeholders for timely remediation. • Collaborate with IT, System Administrators, and Product Teams to ensure vulnerabilities are remediated within defined Service Level Agreements (SLAs). • Track remediation progress and follow up on outstanding vulnerabilities. • Support implementation of mitigation strategies where immediate remediation is not possible. • Assist in performing risk assessments related to identified vulnerabilities. • Support documentation of risks and contribute to mitigation planning. • Maintain awareness of evolving risk posture across systems. • Support the operation and maintenance of vulnerability management tools. • Assist in scan configuration, execution, result interpretation and reporting. • Support vulnerability management activities aligned with standards such as PCI-DSS, ISO 27001, and NIST. • Assist with audit preparation, including evidence gathering and documentations. • Ensure scanning and remediation practices meet compliance requirements. • Assist in creating dashboards and reports to visualize vulnerability trends, risk posture, and remediation performance. • Maintain accurate records of vulnerabilities, remediation status, and scan history. • Communicate findings clearly to both technical and non-technical stakeholders. • Suggest improvements to scanning, reporting, and remediation workflows. • Assist in Incident Response tasks and post-incident analysis when needed. • Assist in Threat Intelligence tasks from internal and external sources when needed. • Track emerging threats, vulnerabilities, and tactics used by relevant threat actors. • Contribute to threat briefings and recommendations for security controls. • Stay current with emerging vulnerabilities, threats, and cybersecurity trends. • Participate in training, labs, and knowledge-sharing sessions. • Continuously develop technical skills in security tools and methodologies.

• Help monitor Stantec’s systems for signs of intrusion • Work closely with the IT Security team to investigate, contain, and remediate security incidents • Perform operational reviews of IT security systems and monitor key consoles • Participate in the investigation of alleged security breaches to help determine root cause, impact, remediation • Respond to incidents reported by users through Stantec's IT ticketing systems • Assist IT Security administrators in management and operational configuration of IT Security systems and controls • Document all security incidents and near misses reported in our incident response system • Other duties as assigned

• Apply expert knowledge of concepts, processes, practices, and procedures on technical assignments • Support enterprise Cybersecurity standards • In coordination with Government develop and implement Cybersecurity standards and procedures • Coordinate, develop, and recommend security processes for an organization • Recommend Cybersecurity solutions to support customers’ requirements • Identify and report security violations • Recommend and satisfy Cybersecurity requirements based upon the analysis of CSPP, policy, regulatory, and resource demands • Support customers at the highest levels in the development and implementation of processes and policies • Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures • Support design and development of security features for system architecture requirements • Analyze and make recommendations of security requirements for computer systems which may include mainframes, workstations, and personal computers • Support design, development, engineering, and implementation of solutions that meet CSPP requirements • Provide integration and implementation of the computer system security solution • Analyze general Cybersecurity-related technical problems and provide basic engineering and technical support in solving these problems • Support vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle • Perform all procedures necessary to ensure the safety of information systems data assets and to protect systems from intentional or inadvertent access, theft, or destruction • Ensure that all information systems are functional and secure • Provide subject matter expertise, direction, guidance, tracking, and support on cyber security, risk management, continuous monitoring, security Assessment and Authorization (A&A), and business processes that support a metric-driven environment • Develop, maintain, and update Plans of Action and Milestones (POA&M) to identify system weaknesses, mitigation, and timelines for applying corrective actions

Role Description We are seeking a Cybersecurity Analyst who is available to work out of our Chicago, IL, Cleveland, OH, or Charleston, SC office. The Cybersecurity Analyst will have the exciting opportunity to play a key role in expanding Brookfield Property’s information security program. You will be responsible for working with the security engineering team to: - Remediate threats - Identify opportunities to improve security processes - Hunt for emerging threats - Maintain our industry-leading portfolio of security tools This is a hands-on role; familiarity with Enterprise Security Architectures, Windows systems, Networking, and OT/BMS is critical. Overall, we seek qualities that display our company’s core values which are Humility, Attitude, Do the Right Thing, Together, and Own it. Role & Responsibilities: - Review security incidents to remediate threats and help lead the escalation of security events in conjunction with the incident response plan - Monitor and support security tools to ensure effective detection and response, including assisting with tuning to reduce false positives - Work with our MSSP and other vendors to optimize the escalation processes and reduce false positives - Collaborate with business and technology teams to promote security awareness and support security best practices - Follow established playbooks and operational procedures during incident response, and contribute feedback for continuous improvement - Participate in generating operational improvements through security orchestration and automation tools Qualifications - Bachelor’s degree in Computer Science, Information Security/Cybersecurity, or a related discipline (machine learning, statistics, mathematics, etc.) - At least 1 year of experience in Security or 3 years in IT including Incident Detection, Incident Response, System Administration, or Service Desk - Understanding of fundamental security architecture and networking concepts - Ability to assess and prioritize multiple alerts or incidents based on risk and business impact - Experience participating in major incident response efforts within a fast-paced environment - Able to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and authoritative manner - Knowledge of forensics techniques to determine root cause for security incidents - Documentation and process improvement skills - Experience with Windows, networking, or audit logs, SIEM technologies are a plus - Proven track record of analyzing, diagnosing and solving complex issues - Experience with Cloud technologies including AWS, Azure, and GCP - Security+, CySA+, or equivalent foundational certifications Desired Skills - Previous experience in an environment with extensive OT/IoT presence - Communication skills that translate technical concepts to non-technical stakeholders - Ability to find a balance between Security and Business objectives, by creating a culture where security is a major consideration - Scripting in Python, Bash, or other common languages - Process improvement through automating tasks or scripting Benefits - 401K matching - Tuition reimbursement - Summer Fridays - Paid maternity leave - Generous employee referral program Company Description Brookfield Properties strives to create spaces where going to work never feels routine. We are proud to create a diverse environment and are proud to be an equal opportunity employer. We are grateful for your interest in this position; however, only candidates selected for pre-screening will be contacted.