Cybersecurity Operations Analyst

2 weeks ago


Ottawa, Canada Thales Canada Inc., Defence and Security Full time

Location: Canada_Remote, Canada

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrows possible.

**Position Summary**

**This position is located in Fredericton N.B. It will first start as remote and then shift to hybrid once our new facility is up and running.**

Thales requires a **Cybersecurity Operations Analyst** to be responsible for the prevention of Cybersecurity incidents by real-time monitoring, detection, and analysis of potential intrusions. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. The position operates and tunes security tools, provides requirements for new security capabilities, and creates use cases for monitoring. In addition, the position creates and follows up on incident reports, and creates daily, weekly, and monthly reporting metrics.

The Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform an in-depth analysis of evidence, identify malicious operations, and evaluate the real impact so that incidents are resolved quickly and efficiently. This is a key role when it comes to onboarding new customers, maintaining the CSOC’s infrastructure, and continuous improvement.

**Essential Functions / Key Areas of Responsibility**

The analyst must have work experience in a Security Operation Centre (SOC) environment. Expertise in using and managing SIEM, EDR, log and network analysis, network security (Firewall, WAF, IDS/IPS), and infrastructure is vital for this role.
- Monitor, analyze, and report possible Cyber-attacks or intrusions, anomalous activities, and misuse activities.
- Leverage a variety of Cybersecurity tools (SIEM, EDR, and Sandbox) for analysis to identify malicious activity.
- Create queries/rules for specific searches, reports, and alerts on SIEM. Contribute to updating and tuning correlation rules and Security use cases. Contribute to improving alert classification to minimize false positives.
- Follow incident response process, document, and escalate security incidents. Stay up to date with security incidents until closure.
- Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), and gather indicators of compromise (IOCs) and any relevant information.
- Conduct research and analysis, and correlate gathered data from various sources to gain situational awareness and determine the impact of the incident.
- Coordinate with other teams (IT Security, network, system administrators, and end-user) to validate alerts or activities.
- Provide daily summary reports of Cybersecurity incidents, operation statistics of monitoring tools, and latest Cybersecurity related news.
- Perform trend analysis and develop metrics and reports on intelligence and incidents for management.
- Contribute to the creation and update of Security Operation and incident response best practices and processes.
- Assist in secure collection of artifacts, analyze for malicious behavior, and carry out analysis to determine the root cause of events.
- Participate in threat-hunting activities, looking for anomalies. Ingest, analyze, and contextualize data and turn that into intelligence for threat assessment and risk management.
- Research the latest known Cybersecurity incidents, and gather IOCs and any relevant data to use in threat-hunting activities.
- Provide advice on configuration of network security devices for service and security enhancement.
- Support customer onboarding projects to ensure a successful transition to CSOC for security monitoring services.

**Minimum Requirements: Skills, Experience, Education, Technical/Specialized Knowledge, Certifications, Language**
- Currently holding one or more industry-recognized Cybersecurity certifications from: ISACA, ISC2, GIAC SANS, CompTIA Security+ or higher, Offensive-Security.
- Knowledgeable with NIST Cybersecurity Framework (CSF), MITRE ATT&CK.
- Experience in building and updating SOC processes, Playbooks, Correlation rules, and Incident reports.
- Alert triage, malware analysis, sandboxing, basic decoding and scripting.
- Must have at least or greater: Splunk (Core Certified Power User) certification, IBM Qradar, Azure Sentinel (SC-200) and oth
