Cybersecurity Analyst Tier 2
2 weeks ago
**About the Role**:
The Cybersecurity Analyst - Tier 2 is responsible for gathering details needed to assess the scope of a cyber-attack and respond to severe attacks or those with high business impact. The Tier 2 role will clearly understand the customer’s environment (i.e. current security controls) and provide consultation on security controls required to perform a risk assessment. The Cybersecurity Analyst - Tier 2 will understand industry trends and be aware of the latest news to understand needs in the customer’s sector.
The Cybersecurity Analyst Tier 2 will collaborate and work closely with our customers to customize SIEM use cases to ensure that they are appropriate for the customer’s environment. The Tier 2 will be able to create and maintain a trusting relationship with clients. This is a hybrid position with the occasional requirement to perform duties at our Toronto office location.
**About Us**:
ISA is a cybersecurity-focused technology firm, with over 30 years of experience helping organizations of all sizes solve complex challenges relating to IT security. We act as trusted advisors in providing services to help our clients define, implement and manage their strategies to minimize IT security related risk, and to provide a secure business environment for their employees and customers. We also deliver state-of-the-art cybersecurity solutions thanks to strong partnerships with the industry’s leading Technology Vendors.
**Responsibilities**:
- Monitor and analyze network traffic and IDS events from network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs) to determine correct remediation actions and escalation paths for each incident.
- Investigate intrusion attempts and perform in-depth analysis of exploits.
- Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
- Conduct proactive threat research.
- Review security events that are populated in a Security Information and Event Management (SIEM) system for the creation and tuning of correlation rules and playbooks.
- Creation and tuning of correlation rules and playbooks.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Perform Tier 2 incident investigation. Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
- Develop and maintain monthly and quarterly report documents according to the requirements of clients.
- Assist with the development of processes and procedures.
- Communicate with clients and internal team members at all levels and across functional and organizational boundaries regarding security events and incidents.
- Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2.
- Assist clients with security product implementation, onboarding and support.
- Host routine meetings with clients to create, tune, and optimize use cases based on the environment of different clients. Discover any log source gaps to build out better use cases.
**Qualifications**:
- University degree or college diploma in computer science or information technology or equivalent
- Two (2) years of job-related SOC experience
- Ability to obtain a Government of Canada security clearance of at least Level 1
- Experience with IPS/IDS/WAF and SIEMs (Splunk, Microsoft Sentinel, IBM QRadar/QRoC)
- Experience reviewing and analyzing network packet captures
- Experience performing security/vulnerability reviews of network environments
- Experience in threat intelligence and advanced persistent threat analysis
- Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
- Knowledge and understanding of data loss prevention (DLP)
- Knowledge and understanding of network architecture
- Strong knowledge of Windows and Linux OS
- Strong research background, utilizing an analytical approach
- Comfortable working against deadlines in a fast-paced environment
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers
- Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting
**Accessibility