Security Operations Analyst

Join the ranks of Stikeman Elliott, one of the most distinguished and respected corporate law firms in Canada. Our Toronto office is located in the heart of the financial district, with prime access to public transit, which makes it ideal for commuters. Voted one of the Best Employers in Canada for the past 13 years, and winner of the Venngo Award of Excellence for Financial, Physical & Mental Wellness at the 2019 Canadian HR Awards, Stikeman Elliott is always seeking to recruit the best and the brightest talents.

Reporting to the Security Operations Manager, the Security Operations Analyst provides dedicated day-to-day operations for Stikeman Elliott’s security operations (Internal and Outsourced) program, threat intelligence, and vulnerability scanning. The Security Operations Analyst works to deliver on the Security Operations team’s mission, will be responsible for maintaining security of information and data in the Firm’s information systems and infrastructure and ensuring that it remains protected from compromise. The Security Analyst will also monitor technical compliance to the firm security policies and standards, investigate and resolve security incidents and conduct vulnerability scans.

**Responsibilities & Deliverables**:
Support a 24x7 outsourced Security Operation Center (SOC) environment that includes shared on-call duties:
Respond to security alerts and work with the appropriate teams to investigate and triage them.
Perform real-time status monitoring of security equipment (IPS, firewalls, etc.) and systems (servers, clients, etc.) using various tools (e.g. SIEM) to identify potential security incidents, threats and vulnerabilities.
Perform troubleshooting and problem resolution on security equipment and systems
Identify gaps in the security posture and work with the team to mitigate or remediate them.
Collaborate with relevant teams to implement security controls, validations, best practices, and enable mechanisms for incident response and data breach detection.
Analyzing open source and commercial intelligence feeds, gathering threat actor activity and developing Indicators of Compromise (IOC)s to detect cyber-attacks.
Leverage attack and vulnerability scanning tools to test, and enable the various teams to test, the organization’s assets for vulnerabilities.
Engage in Identity and Access Management (IAM) duties including:
Ensure that the provisioning and management of credentials across multiple systems is in alignment with the Firm’s information security program.
Undertake regular supervisory inspections for non-compliant accounts (non-expiring passwords, stale/locked-out accounts, etc.).
Take lead in regular IAM reviews including quarterly account verification and privilege revalidation
Take lead in handling requests for accounts with elevated privileges
Facilitate audit activities as initiated from internal and external entities, following established policies and procedures
Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency.
Contribute to the development of the company-wide information security requirements, threat modeling, secure design, cryptography standards, third-party component, selection of approved tools, secure implementation and system monitoring.

**Qualifications & Required Experience**:
At least 2 years of cyber security operations experience (e.g. SOC/CIRT) preferred.
Bachelor’s Degree in Computer Science or related field, or equivalent experience and knowledge required.
In-depth understanding of security issues across many different platforms and capability to articulate and communicate these issues to both technical and non-technical audiences.
Advanced understanding of tools used for forensic investigations.
Advanced knowledge of security tools such as SIEM, IDS/IPS, and firewalls.
Advanced knowledge of network devices such as switches and routers.
Advanced knowledge of Microsoft Windows systems including active directory.
Team-oriented and skilled in working within a collaborative environment.
Experience with cyber monitoring, hunting, and incident response investigations is preferred.
Excellent problem-solving abilities.
Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment.
Displays a high of level of passion, energy, excitement and intensity.
Ability to be broadly focused and manage multiple efforts concurrently.
Ability to work independently.
Strong written and verbal communication skills.

**Hours**:
Monday
- Friday 9am-5pm

Rotating Schedule for Weekends

COVID-19 Vaccination

You acknowledge and accept that due to health and safety requirements, you must be fully vaccinated for COVID-19 and provide proof of a Health Canada approved COVID-19 vaccination prior to commencing your employment with the Firm. However, the Firm will make reasonable accommodation efforts if you cannot be vaccinated due to medical, religious, or other grounds to the e