Montreal - Hybrid Position, QC · Information Technology
3-5 years experience as a Security Analyst
Experience in SOC
3+ years of experience with the following technologies: SIEM, ELK, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP)
Experience with alert-generation systems and with monitoring the alerts they produce; technical and knowledgeable enough to triage and correlate alerts and escalate them at the right level, reaching out to the correct device/infrastructure owners.
ELK (Elasticsearch) is the primary data lake solution (experience with Splunk is OK as well!)
Ticketing system used: ServiceNow (but any other ticketing system is OK)
Direct experience with anti-virus software, endpoint detection response (EDR), firewalls and content filtering
Demonstrable knowledge in Incident response, log analysis and PCAP analysis
Good level of knowledge in network fundamentals, for example, OSI Stack, TCP/IP, DNS, HTTP(S), SMTP
Language: bilingual or English-speaking
Assets:
Any certification related to security alert investigation (CSSP / hacking) would be a plus
Portuguese / Spanish is VERY NICE to HAVE but not mandatory
Banking experience is a plus.
Job description: This is an L2 position: the first level of defense / first level of human involvement. Escalation is as follows: L1 = automation, i.e. the system that produces the alert. Then L2 = the human check. Then L3 is a more senior role (6-8 years) with more background in analysis, including malware analysis.
***So, we need the candidate to be technical enough to ensure proper triage and understanding of the alert, and to execute the escalation plans.
Monitor banking sources for potential security incidents, health alerts with monitored solutions, and requests for information. This includes monitoring real-time channels or dashboards, periodic reports, email boxes, help desk or other ticketing system, phone calls, chat sessions
Follow incident-specific procedures to triage potential security incidents to validate and determine necessary mitigation actions
Escalate potential security incidents to Level III and IV engineers, implement countermeasures in response to others and recommend operational improvements
Maintain accurate incident notes in the case management system
Maintain awareness of the bank's technology architecture, known weaknesses, architecture of security solutions used for monitoring, imminent and pervasive threats identified by customer threat intelligence, and recent security incidents
Continuously improve the service by identifying and correcting problems or knowledge gaps (analysis procedures, plays, customer network models), false positive settings, identifying and recommending new or updated tools, content, countermeasures, scripts.
Conduct peer reviews and consultations with other Level II analysts regarding potential security incidents
Serve as a subject matter expert in at least one security-related area (e.g. specific malware solution, python programming, etc.)
Actively seek self-improvement through continuous learning and advancement to a Level III Analyst
Provide quarterly status and metrics reporting
Weekly support as part of 24x7 coverage
Adhere to internal operational security and other customer policies