Cybersecurity Analyst Tier 2

Toronto, Ontario

Qualifications:
  • University degree or college diploma in computer science or information technology or equivalent
  • Two (2) years of job-related SOC experience
  • Ability to obtain a Government of Canada security clearance of at least Level 1
  • Experience with IPS/IDS/WAF and SIEMs
  • Experience reviewing and analyzing network packet captures
  • Experience performing security/vulnerability reviews of network environments
  • Experience in threat intelligence and advanced persistent threat analysis
  • Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
  • Experience with email protection platforms is a plus
  • Knowledge and understanding of data loss prevention (DLP)
  • Knowledge and understanding of network architecture
  • Strong knowledge of Windows and Linux OS
  • Strong research background, utilizing an analytical approach
  • Candidate must be able to react quickly, decisively, and deliberately in high stress situations
  • Comfortable working against deadlines in a fast-paced environment
  • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers
  • Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting
  • Multi-lingual is a plus
 
Reporting Relationship
 
The CIOC Cybersecurity Analyst Tier 2 reports to the Manager, Cybersecurity Intelligence & Operations Center. There are no positions that report to the CIOC Cybersecurity Analyst Tier 2.
 
Principal Duties:
 
  • Monitor and analyze network traffic and IDS alerts from network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident
  • Investigate intrusion attempts and perform in-depth analysis of exploits
  • Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident
  • Conduct proactive threat research
  • Review security events that are populated in a Security Information and Event Management (SIEM) system
  • Create and tune correlation rules and playbooks
  • Independently follow procedures to contain, analyze, and eradicate malicious activity
  • Perform Tier 2 incident investigation
  • Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident
  • Create a final incident report detailing the events of the incident
  • Provide monthly reporting on security events/incidents
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall CIOC functions
  • Communicate with clients and internal team members at all levels and across functional and organizational boundaries regarding security events and incidents
  • Maintain a full understanding of Tier 1 responsibilities/duties and how those duties feed into Tier 2
  • Assist clients with security product implementation, onboarding and support