SOC Analyst

Toronto, Ontario

SOC Cybersecurity Analyst Tier 1
  • Knowledge of information security event monitoring and detection, NID monitoring, and incident response
  • Familiarity with network security methodologies, tactics, techniques and procedures
  • Experience with IPS/IDS, SIEMs and other CND security tools
  • Ability to read and write Snort IDS signatures
  • Experience reviewing and analyzing network packet captures
  • Experience performing security/vulnerability reviews of network environments
  • Possess a comprehensive understanding of the TCP/IP protocol, security architecture, network and remote access security techniques/products
  • Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
  • Working knowledge of network architecture
  • Strong research background, utilizing an analytical approach
  • Candidate must be able to react quickly, decisively, and deliberately in high stress situations
  • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers
  • Working knowledge of Windows and Linux OS to include experience working in the command line interface
  • Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting
Reporting Relationship
The CIOC Cybersecurity Analyst Tier 1 reports to the Manager, Cybersecurity Intelligence & Operations Center. There are no positions that report to the CIOC Cybersecurity Analyst Tier 1.
Principal Duties:
  • Availability for shift work including day, afternoon and overnight shifts on a monthly rotation schedule
  • Monitor and analyze network traffic and IDS alerts
  • Investigate intrusion attempts and perform in-depth analysis of exploits
  • Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident
  • Conduct proactive threat research
  • Review security events that are populated in a Security Information and Event Management (SIEM) system
  • Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident
  • Independently follow procedures to contain, analyze, and eradicate malicious activity
  • Perform Tier I/II initial incident triage
  • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident
  • Create a final incident report detailing the events of the incident
  • Provide information regarding intrusion events, security incidents, and other threat indications
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall CIOC functions