Security Operations Center Analyst

Person with operating experience in a Security Operations Center at a Tier One level who wants an opportunity to grow and progress into the higher SOC tiers. Our Managed Security Service Provider (MSSP) will perform SOC Tier One functions, allowing the IT Security Operations Analyst to utilize our advanced SOC tools, including a SIEM and log collection systems, to perform security incident response, to analyze security data, to effect required changes to our security systems, to perform device management and to report out on security issues. The role will adhere to company policies and practices, such as the IT security policy and our vulnerability management practice, and participate in an after-hours on-call rotation and work overtime and occasional non-standard shifts (after-hours and weekends).

Key Responsibilities

·       In the SOC, act as the first point of contact for our MSSP for monitoring, alerting and reporting on malicious activities or activities of interest

·       Triage alerts and activate the Security Incident Response (SIR) process during business hours or after hours, if on-call. Also assist in SIR testing

·       Administer, operate and tune SOC tools including the SIEM and the log collection system

·       Maintain and improve processes, practices and measures for the SOC staff and MSSP

·       Perform or initiate necessary changes to company systems, following approved change request processes

·       Perform analytics or forensic investigations

·       Generate reports and measures/metrics against industry benchmarks and company specific reporting requirements

·       Run vulnerability scans on network and endpoint devices and be able to perform remediation activities upon detection of critical and high vulnerabilities

·       Make recommendations for improvements to SOC Standard Operating Procedures (SOP) or company security frameworks

Screening Criteria

·       Undergraduate degree in Computer Science or Management Information Systems or in a related field

·       Minimum 2 years of experience in IT security operations in a formal Security Operations Center

·       Solid knowledge of IT security operations/support principles and practices

·       Knowledge of IT and network operations

·       Working experience with the following technologies:

o   SIEM

o   Firewalls

o   Syslog Log Collection

o   Asset Discovery

o   Windows and Linux Operating Systems

·       Knowledge of the following technologies:

o   Endpoint Protection including AV and Malware Detection

o   Email and Web Security Devices

o   Network Access Control

o   Switches, TAPs and Routers

o   IPS/IDS and DLP

Assets

·       Industry recognized IT Security certifications

·       Bilingual in both official languages (French and English)

·       Government of Canada Security Clearance

·       Previous experience working for an MSSP or a financial institution in an IT security related role