Cyber Security Analyst

**Title: Cyber Security Analyst / IT Security Analyst**

**Multi Location: Toronto, Ontario, All Over Canada.**
**Type: Full-time Permanent**

**Summary of the Position**:
The Senior IT Security Specialist will work within the Cyber Security Technology & Operations team to defend our Networks against Cyber Attacks and proactively assess existing defenses.
Primary duties will include Vulnerability Management & remediation tracking, analysis and dissemination of Threat Intelligence feeds, EDR telemetry analysis, coordination of Penetration Testing efforts, IPS tuning, SIEM event correlation/triage/response, DLP configuration/monitoring & Threat Hunting. Participate in Incident response activities and drills.

**General Accountabilities**:

- Provide day to day review analysis of the perimeter IT network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for unauthorized data extraction.
- Participate in Business and IT initiated projects. Ensure that security requirements for the projects are defined and captured. Catalogue all security risks within projects, including those created within the proposed solutions.
- Manage or co-manage IT Security Operations.
- Participate in the ongoing development of Security Policy, Procedures and Guidelines.
- The incumbent must possess a strong client service orientation and a desire to help the business meet their objectives.

Specific Accountabilities:

- Provide day to day review analysis of the perimeter IT network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for unauthorized data extraction.
- Provide security scans of internal computer networks to search for unauthorized devices, detect suspicious activity, such as inappropriate printing of files from key IT systems.
- Participate in Business and IT initiated projects; Attend project reviews as required; ensure security requirements for the project are defined and captured.
- Provide security architecture expertise to the projects.
- Catalogue all security risks with the project, including those created within the proposed solution and those generated through project activities; Review and recommend approval for proposed technology solution.
- Review and recommend approval for sustainment adjustments as a result of remedial actions for risk reduction
- Remain operationally current for all key and critical IT systems and networks to ensure investigations are necessary, core operational competencies and skills will improve and ensure that the full range of potential root causes are explored without putting at risk the continued operation of the system or network.
- Conduct complex and technical IT investigations and address general queries regarding recovery, authentication, and analysis of electronic data when an investigation involves issues relating to reconstruction of computer usage, examination of residual data, and authentication of data by technical analysis.
- Conduct IT security threat and risk assessments related to key and critical IT systems and networks as it relates to internal or external threats.
- Complete detailed investigative reports outlining the key elements, evidence collected, findings and recommendations regarding IT security investigations.
- Provide assistance to physical security relating to Cyber asset security by identifying critical cyber related devices and determine IT system relevance.
- Conduct IT Data and Cyber Security awareness programs through presentation and education.
- Review items posted to the corporate web page to determine if they represent an overall security risk.
- Assist the Director of Business Information Technology in the assessment of IT Security work programs focused on the prevention, detection and response to breaches and malicious behaviors targeting IT systems and networks.
- Provide support to project and compliance teams with regards to Cyber Security related tasks and activities.
- **Essential Knowledge and Experience**:

- 5-8 years in a Cyber Defense Operations / SOC team
- 5-8 years’ experience with SIEM/Logging technologies (IBM QRadar, ArcSight, Splunk, Elasticsearch, etc)
- 5-8 years’ experience analyzing vulnerability data, running VA scans (Nessus, Qualys, IP360, etc) and managing findings using a risk-based approach
- 5-8 years’ experience working hands-on with IPS and APT prevention technologies in an administrative capacity (Tipping Point, Deep Discovery, Carbon Black, Crowdstrike, Checkpoint, Palo Alto, FireEye, Lastline, etc)
- 5-8 years’ experience in a Cyber Security Incident Response, Analysis & Triage related role
- 5-8 years of experience with hands-on technical forensic investigations (EnCase Enterprise, FTK, etc)
- CISSP certification considered an asset
- GCIH/GSEC certification considered an asset
- QRadar/Splunk/ArcSight certification considered an asset
- Bachelor in