Based at a permanent client work site in downtown Toronto, the incumbent is self-motivated, energetic, driven for success and results oriented. In-depth knowledge of security monitoring, incident handling, security operations processes, threat management, and common industry technologies supports delivery and execution of managed security services. The analyst will also be a key player in building world-class security operations capability that is aligned with our strategic direction and that helps the firm better deliver on new and existing engagements.
- Analyze activity trends in the client’s environment using a mix of tools and analytical methodologies to hunt for threats not otherwise detected by configured security alerts.
- Contribute to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.
- Perform in-depth investigation of events of interest identified during threat hunt activities or security alerts received from various security technologies as per defined investigation and response procedures.
- Liaise with appropriate internal stakeholders during the investigation process to determine whether a security incident has occurred, identify the root cause and provide appropriate recommendations for remediation.
- Work closely with your team to exceed our client’s expectations while identifying and mitigating business risks associated with projects.
- Build knowledge of and stay current on developments in the cyber threat landscape to adapt investigation techniques and provide recommendations to the client on responding to and remediating related incidents.
- A Bachelor’s Degree / Diploma in a relevant area of study with a preference for Computer Science, Information Security or Computer Engineering
- Minimum of 2 years of experience as a SOC analyst, incident responder or threat hunter ideally working in a CIRT
- Direct prior experience with core security technologies such as security information and event monitoring systems (SIEM), firewalls, network and host intrusion prevention and detection systems, proxies, vulnerability scanners, and anti-virus solutions
- Good knowledge of threat hunting methodologies and compromise detection tools
- Good working knowledge of one or more of the following topics:
  - Operating systems (UNIX, Linux, Windows)
  - Penetration testing and ethical hacking
  - Malware analysis (dynamic and static)
- Industry certifications (CISSP, GIAC – GREM/GCIH/GCIA/GCFA) are a strong asset
- Proficiency in scripting languages (Python, shell, etc.)
- Prior experience working with security analytics tools
- Knowledge of analytics and machine learning models