Security Analyst

1 month ago


Toronto, Ontario, Canada University Health Network Full time

Company Description

The University Health Network, where "above all else the needs of patients come first", encompasses Toronto General Hospital, Toronto Western Hospital, Princess Margaret Cancer Centre, Toronto Rehabilitation Institute and the Michener Institute of Education. The breadth of research, the complexity of the cases treated, and the magnitude of its educational enterprise have made UHN a national and international resource for patient care, research and education. With a long tradition of groundbreaking firsts and a purpose of "Transforming lives and communities through excellence in care, discovery and learning", the University Health Network (UHN), Canada's largest research teaching hospital, brings together over 16,000 employees, more than 1,200 physicians, 8,000+ students, and many volunteers. UHN is a caring, creative place where amazing people are amazing the world.

Job Description

Union: Non-Union
Site: Toronto General Hospital; other sites throughout the Greater Toronto Area
Department: UHN Digital - Operations Centre (OC)
Reports to: Operations Centre Manager and Digital Security Manager
Work Model: Alternating on-site and remote during day shifts and on-site night shifts
Grade: H0:04
Hours: 37.5 per week
Salary: $29.61 to $37.01 per hour (to be commensurate with experience and consistent with UHN compensation policy)
Shifts: 12-hour shifts; days & nights
Status: Temporary Full-Time, 12+ Months
Closing Date: August 21, 2024

Position Summary

The candidate will have an in-depth knowledge of cyber intelligence, security monitoring, event monitoring, incident response and handling, security operations processes, threat management and common industry technologies. The candidate must be able to perform cross-functional and other applicable duties consistent with the job description and as required/requested. The candidate will also be responsible for researching emerging trends and standards in IT Security; assisting with security audits; managing corporate security policies and standards as well as implementing and recommending policy changes to the Security Architect.

Key responsibilities include monitoring and optimization of the servers, utility servers, storage, network, teleconference equipment, and patient and facility monitoring systems. The specialist is also responsible for monitoring systems for threats from all attack vectors, including perimeter and e-mail. The Operations Centre teams are made up of infrastructure-focused and security-focused staff, with incidents escalated to L1 or L2 infrastructure or security support staff as required.

The UHN Digital Operations Centre will operate using a 12-hour shift schedule. The benefits of this include extended periods between shift cycles for personal time and cycle adjustment, and overlap with daytime staff every four weeks for training purposes.

Duties

  • Protect and defend UHN's network.
  • Monitors all aspects of the Operations Centre (OC), including infrastructure and security functions.
  • Works with Infrastructure Engineering to ensure systems are properly maintained in a safe and secure manner.
  • Works with other teams within UHN Digital to ensure that OC tools are properly patched and working.
  • Escalates system and services incidents and problems to the appropriate L2 support group.
  • Works with Infrastructure Engineering, Architects, Security Operations, and other staff to ensure the Operations Centre meets the organization's ongoing requirements.
  • Aids in in-depth investigation of events of interest identified during threat hunt activities or security alerts received from various security technologies as per defined investigation and response procedures.
  • Contributes to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.
  • Performs event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems and networks from threats.
  • Analyze activity trends in client environments using a mix of tools and analytical methodologies to hunt for threats not otherwise detected by configured security alerts.
  • Perform in-depth investigation of events of interest identified during threat hunt activities or security alerts received from various security technologies as per defined investigation and response procedures.
  • Build hunt threat profiles based on various intelligence-gathering techniques.
  • Conduct threat scenario analysis to develop new use cases with relevant attack vectors, and develop attack scenarios in order to formulate hunting strategies to identify the presence of threats that are going undetected by existing security controls.
  • Liaise with appropriate internal stakeholders during the investigation process to determine whether a security incident has occurred, identify the root cause and provide appropriate recommendations for remediation.
  • Build knowledge of and stay current on developments in the cyber threat landscape to adapt investigation techniques and provide recommendations to the client on responding to and remediating related incidents.
  • Create threat hunting monthly reports.
  • Maintain an up-to-date threat hunting document repository.
  • Test and tune SIEM components, rules, alerts etc.
  • Develop internal documentation (playbooks & processes) for OC analysts based on correlation rules.
  • Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, misuse activities, and distinguish these incidents and events from benign activities.

Qualifications

  • A Bachelor's Degree / Diploma in a relevant area of study with a preference for Computer Science, Information Security or a Bachelor of Technology.
  • Minimum of two (2) years working experience in Cyber Intelligence or as a threat hunter ideally working within a CIRT.
  • 1-2 years experience in monitoring SIEM alerts and responding (e.g. Splunk).
  • 1-2 years experience in Next Generation Firewall and IPS/IDS.
  • 1-2 years experience in Email Gateway and SPAM.
  • Strong knowledge of threat intelligence and threat hunting.
  • Strong analytical and investigative skills.
  • Knowledge of technical security controls and mitigations.
  • Good working knowledge of one or more of the following topics: common security threats, industry best practices, security technologies.
  • Strong working knowledge of advanced endpoint analytics.
  • Experience with the Cyber Kill Chain model.
  • Must have experience in IPS/IDS, Firewalls, End-Point Protection and SIEM.
  • Knowledge of digital forensics and malware reverse engineering.
  • Knowledge of computer network defense (CND) and vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of incident response and handling methodologies.
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or SANS certification. Vendor specific trainings and certifications are an asset (Forescout, Cisco, Splunk, CyberArk, BeyondTrust and Palo Alto).
  • 1-2 years experience in Threat Hunting is an asset.
  • 1-2 years experience in automating SIEM alerts is an asset.

Additional Information

Why join UHN?

In addition to working alongside some of the most talented and inspiring healthcare professionals in the world, UHN offers a wide range of benefits, programs and perks. It is the comprehensiveness of these offerings that makes it a differentiating factor, allowing you to find value where it matters most to you, now and throughout your career at UHN.

  • Competitive offer packages
  • Government organization and a member of the Healthcare of Ontario Pension Plan (HOOPP)
  • Close access to Transit and UHN shuttle service
  • A flexible work environment
  • Opportunities for development and promotions within a large organization
  • Additional perks (multiple corporate discounts including: travel, restaurants, parking, phone plans, auto insurance discounts, on-site gyms, etc.)

Current UHN employees must have successfully completed their probationary period, have a good employee record along with satisfactory attendance in accordance with UHN's attendance management program, to be eligible for consideration.

All applications must be submitted before the posting close date.

UHN uses email to communicate with selected candidates. Please ensure you check your email regularly.

Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any information provided by a candidate be misleading, inaccurate or incorrect, UHN reserves the right to discontinue with the consideration of their application.

UHN is an equal opportunity employer committed to an inclusive recruitment process and workplace. Requests for accommodation can be made at any stage of the recruitment process. Applicants need to make their requirements known.

We thank all applicants for their interest, however, only those selected for further consideration will be contacted.


