Lead, Security Technologist

Company SummaryCome work for a company that’s committed to the success of each and every employee. A place where innovators and collaborators come together and build on each other’s talents. Where diversity is welcomed and celebrated.FCT provides industry-leading title insurance, default solutions and other real estate related products and services to legal, lending, valuation and real estate professionals across Canada. With FCT, you will have the opportunity to build a meaningful career. Join us as we continue to do exciting work and make a big impact on our colleagues, customers and communities.Job SummaryWe are continually searching for great talent; individuals who possess a deep commitment to the customers and markets we serve. If you would like to join a company that is committed to the success of each employee and offers challenge, purpose and the opportunity to grow both personally and professionally in a team-oriented environment, you'll enjoy a career with us We understand that fostering a diverse and inclusive environment is critical for the success of our business, and we actively work towards it every day.As a Security Technologist Lead, you will play a pivotal role in enhancing our security posture across both on-premises and cloud environments, ensuring we maximize the effectiveness of our existing technologies. A key aspect of this role will be creating a log onboarding strategy to identify security logs of interest and develop methods to integrate these logs into our SIEM, centralizing logging efforts. This involves identifying new logs by analyzing various sources, determining their relevance to security monitoring, and ensuring their effective integration into the SIEM.This role will be pivotal in developing new use case detections and alerts to enhance visibility against emerging and sophisticated threats. By leveraging technologies such as SOAR, you will automate playbooks and streamline our security operations, significantly reducing the time to detect and respond to incidents. This will enable our teams to focus on higher-value tasks and strategic initiatives.The successful candidate must be able to interpret complex security information, adapting to evolving threats, implementing controls to mitigate risks and develop alerting mechanism and provide effective countermeasures.Additionally, you will support the Security Operations team in building and enhancing cloud detection capabilities, aligning with FCT’s cloud-first strategy. This includes developing and implementing cloud-specific use cases and alerts to detect and respond to threats within cloud environments.HERE’S HOW YOU’LL CONTRIBUTE: Develop Log Onboarding Strategy by identifying and prioritizing relevant logs in alignment with our detection strategy. This includes scoping, testing, and implementing new SIEM data connectors where required.Create and implement SIEM detection rules for complex technical environments. Design custom alert logic based on sophisticated and emerging threats, utilizing XQL (Extended Query Language) for advanced detection patterns.Periodically review the use case library, perform attestation on existing use cases, and engage in tuning discussions. Provide recommendations for improvements to adapt to evolving threat landscapes.Utilize scripting languages like Python and automation solutions such as SOAR to streamline manual tasks and automate incident response playbooks to reduce mean time to respond and enable teams to focus on high value activities.Employ various cybersecurity techniques to assess information systems. Lead security initiatives and assist in enterprise-level projects, implementing security solutions and conducting Proof of Concept for modern technologies.Work closely with cross functional teams to integrate security measures and detection capabilities into cloud deployments, ensuring that security is embedded into the design and operational processes.Ensure thorough documentation of detection rules and related runbooks and processes for use by the Security Operations team.Oversee the management and maintenance of security operations owned platforms, including Palo Alto Cortex XDR, IBM Guardium, Qualys, KnowBe4, and File Integrity Monitoring Solution.Update and maintain cybersecurity playbooks, policies, and knowledge base articles that support established Incident Management and SOC processes.Work with broader technology teams to contribute to continual service improvements and innovations.Support high-severity incident response process as needed, ensuring that alerts and detections are promptly created and that relevant logs are readily available to facilitate thorough investigations.Mentor and train security operations analysts in use case detection and alerting, empowering them to enhance their skills and effectiveness in incident response.HERE’S WHAT YOU’LL BRING:5+ years of relevant cybersecurity experience with demonstrated technical leadership ability in information security and engineering experience in enterprise level security technologies in one or more areas of: Endpoint Protection, Perimeter Security, Email Security, Security Automation and Orchestration, Cloud Security and Vulnerability ManagementIn-depth understanding of Security Operations and Security technologies, with previous experience in a SOC environmentPractical experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.Proven experience in configuring and parsing log sources for log centralization and optimizing data analysis for improved threat detection.Understanding of common exploitation techniques, MITRE ATT&CK framework and awareness of new threatsExperience of supporting and developing SIEM platforms in the context of Security Operations Centre.Strong understanding of networking principles and extensive knowledge of TCP/IP at the packet level, including protocols and troubleshooting techniques.Practical experience in programming and scripting, particularly in PowerShell and Python, enabling task automation and custom solution/API development.Hands-on experience working with APIs to facilitate integration between various security tools, enhancing data flow and operational efficiency.Familiarity with cloud security best practices and frameworks from major cloud providers to effectively develop and implement security detections in cloud environments.Knowledge of broad range of security controls and risk management frameworks and laws such as, but not limited to, Payment Card Industry (PCI), NIST 800-63, ISO27001, OSFI B13 and Integrity & Security Guideline.Excellent written and verbal communication skills, crucial for conveying complex technical information clearly and facilitating collaboration.Capable of working independently in ambiguous situations while effectively achieving desired outcomes.Preferred Certifications: CCSP, CISSP, GIAC-GCED or equivalent security certificationsA proactive self-starter who adapts quickly in a fast-paced environment, demonstrating a positive attitude and requiring minimal supervision to achieve goals.Total Direct Compensation:$106,700 to $130,600Any pay range is in $CADHERE’S WHAT SETS US APART: Through mentoring, innovative tools, and a variety of programs that engage and reward, we empower each employee to be great and drive results.Comprehensive benefits that include Employee and Family Assistance Program (EFAP) and Wellness EssentialsGroup retirement savings plan with company matchPaid holidays and generous paid time offHybrid work arrangementsPaid volunteer opportunities and charitable donation matchingEmployee recognition programs that include referral incentivesPotential for performance-based incentives The opportunity to participate in our stock purchase planAnd more*ABy joining us, you will not only be part of an award-winning organization, you will be part of a workforce that is engaged and empowered to succeed.Thank you for considering FCT. We look forward to meeting you.