Security Operations Center/Incident Response Specialist

Etobicoke, ON

REPORTS TO: Manager – Security Operations

PURPOSE OF THE ROLE: The SOC/IR Specialist is an experienced cyber security professional with a background in security policy assessment, security operations, incident response, SIEM tooling, and the creation and maintenance of incident response playbooks. This role leads a high-performing team of security professionals, works with stakeholders to evaluate and implement new security technologies, responds to threats and incidents as they arise, and collaborates on a strategic roadmap for future security technology.

Core Accountabilities

  • Evaluate critical incidents. Review alerts, threat intelligence, and security data to identify threats that have already entered the network, as well as security gaps and vulnerabilities that are not yet known
  • Implement and manage the full SOC security tool stack, and take ownership of and adapt incident response SOPs and playbooks
  • Use these tools to gather and analyze data efficiently in order to detect, investigate, contain, and prevent suspicious activity. Recommend tooling changes as needed to adapt to current threats, based on threat intelligence and IOCs
  • Support audit and compliance work. Review security policies and applications and provide recommendations. Track performance and recommend improvements to metrics and KPIs. Prepare disaster recovery plans
  • Review escalated tickets that require in-depth investigation and analysis
  • Investigate, document, and report on information security (InfoSec) issues and emerging trends
  • Reduce downtime and support business continuity by proactively notifying business stakeholders of serious security events and how the associated risks can be mitigated
  • Coordinate with the Engineering and Cyber Threat teams to optimize security operations
  • Recommend improvements to the security architecture
  • Mentor junior analysts in incident response techniques, analysis, and best practices


Minimum Qualification and Skills

  • 10+ years of experience supporting cyber security SOC operations
  • Bachelor's degree or equivalent in Computer Science, Information Assurance, MIS, or a related field; a Master's degree is a plus
  • One or more of the following certifications: CEH, eCPPT, OSCP, GCFW, GCIH, IHRP, CISSP
  • One or more vendor or industry certifications such as LogRhythm Platform Administration (LRPA), LogRhythm Security Analyst (LRSA), LogRhythm Cloud Administration (LRCA), Security+, Network+, GSEC, Certified Systems Analyst, CISM, or ISO 27001
  • SOC analysis and SIEM experience with LogRhythm. The candidate should be able to write advanced LogRhythm queries, build dashboards and reports, and be knowledgeable in SIEM administration
  • Experience in an MSSP delivering a tiered SOC/SIEM service
  • Experience with IDS/IPS technologies such as Palo Alto Networks firewalls. The candidate should be familiar with rule sets, monitoring IDS/IPS events, and monitoring the functional and operational status of the IDS/IPS
  • Advanced experience with the enterprise incident response lifecycle: preparation; detection and analysis; containment, eradication, and recovery; and post-incident analysis
