Security Analyst

Great Minds. One Goal. Canada's Success.

Help bring research to life and drive your career forward with the National Research Council of Canada (NRC), Canada's largest research and technology organization.

Within the Knowledge, Information and Technology Services (KITS) Branch, the Security Analyst is responsible for carrying out the operational activities of the Cyber Defence Team (CDT). The CDT is responsible for the security of NRC IT assets and provides advisory services to NRC employees and performs activities such as security monitoring, vulnerability assessments, and incident management.

**The key activities for this position are the following**:

- Monitors and triages cyber security events and enquiries sent to the Cyber Defence Team.
- Investigates cyber security events and incidents, recommends proactive measures and implements corrective action; conducts technical research, participates in forensic analysis; provides guidance and assistance to clients in following approved cyber security standards and procedures.
- Provides technical advice, cyber security assistance and delivers cyber security training and awareness to internal clients.
- Participates on projects to design, develop, test, implement, and support cyber security solutions to protect departmental/agency IT assets.
- Conducts research to support the development of departmental/agency work processes, standards and guidelines.
- Conducts security vulnerability assessments and analysis, supporting the development and implementation of cyber security strategies, processes, infrastructure and tools.
- Participates in the selection, installation, configuration, testing and development of cyber security tools and ensures adherence to the department/agency's cyber security standards and policies.

**Screening Criteria**:
**Education**:
Successful completion of university or post-secondary education and/or formal technical training relevant to the work.

For information on certificates and diplomas issued abroad, please see Degree equivalency

**Experience**:

- Recent experience working as a member of a security operations centre (SOC) and understanding its role within the organisation's Cyber Security program.
- Recent experience with Cyber Security event and incident management, including investigation and remediation.
- Relevant experience with the tools used for the analysis and monitoring of Cyber Security events.
- Recent experience providing sound technical advice to ensure the alignment of Cyber Security principles and guidelines/directives/policies with client requirements.
- Recent experience in the IT field, including areas such as desktop configuration and networking principles.
- Recent experience in collecting and clearly communicating technical information to clients, colleagues, and management.

**Condition of Employment**:
Secret (II)

**Language Requirements**:
Bilingual Imperative BBB/BBB

Information on language requirements and self-assessment tests

**Assessment Criteria**:
**Technical Competencies**:

- Strong knowledge of the general principles of Cyber Security operations;
- Broad knowledge of activities and technologies relevant to cyber security, including endpoint security, patch management, incident management, change management, network monitoring, malware analysis, vulnerability assessments, etc.;
- Knowledge of cyber security tools such as Microsoft Sentinel, Microsoft 365 Defender, Trellix Endpoint Security (McAfee), VMware Carbon Black;
- General knowledge of cyber security related policies, directives, standards and guidelines used in the Government of Canada;
- Knowledge of cyber security standards and frameworks from NIST, CSE, ISO, CIS, etc;
- Knowledge of reporting tools such as Power BI Report Builder will be considered an asset;
- Platform specific security training or certification (e.g. Microsoft, Trellix) will be considered an asset;
- Current industry standard security certification (e.g. CISSP, CISM, CCSP, CISA) will be considered an asset.

**Behavioural Competencies**:

- Technology support - Client focus (Level 2)
- Technology support - Communication (Level 2)
- Technology support - Initiative (Level 2)
- Technology support - Teamwork (Level 2)
- Technology support - Results orientation (Level 2)

**Competency Profile(s)**:
**Compensation**:
**Rates under review**

From $74,552 to $93,612 per annum.

An incumbent occupying a position within the CS Group is currently entitled to receive a terminable allowance of $212 per month.

In addition, the incumbent will receive the Bilingualism Bonus of $800 per year.

NRC employees enjoy a wide-range of competitive benefits including comprehensive health and dental plans, vacation, sick, and other leave entitlements, disability insurance and pension plans.

**The NRC Advantage**:
The National Research Council of Canada (NRC) is the Government of Canada's largest research organization supporting industrial innovation, the advancement of knowledge and