Cyber Security Business Analyst

Title: Cyber Security Business Analyst

Location: Calgary, AB / Edmonton, AB

Duration: 16 months (with the possibility of extension)--Hybrid

HIGH LEVEL DESCRIPTION

The Cyber Business Analyst shall function as the primary liason between cybersecurity technical teams (e.g. SOC, detection and design, and technology and tools teams) and USUI application teams for the end-to-end enablement of application logging capability for all in-scope USUI applications. Pursuant to this objective, the Cyber Business Analyst shall support detection and design team with validating effective security monitoring of USUI applications and the SOC with incident response for USUI applications.

Further to this important responsibility, the Cyber Business Analyst shall work with the Project Manager in a coordination role to ensure the successful implementation of Network Access Controls (NAC) and Silent Defense continuous threat detection (CTD) sensors for the USUI IT and OT network respectively.

ACCOUNTABILITIES:

The
Cyber Business Analyst
shall be responsible for completing the following tasks and accountabilities

USUI Application Security Logging Enablement

• As the primary liaison for application logging enablement, shall interface with the cybersecurity technical teams and translate application logging requirements in understandable language to the USUI applications team.

• Gather, validate, and document applicable security monitoring requirements for USUI applications as per TIS-Security-12 and then develop comprehensive guidance for implementing these requirements using the guidance contained in TIS-Security-337.

• Develop and maintain and applications security logging playbook that enables a structured approach to engaging the USUI applications teams. A playbook that ensures cybersecurity is gathering the right information as well as communicating accurate requirements to the application teams.

• Maintain a solid understanding of the cybersecurity posture and attributes of USUI applications (L1, L2 and all external-facing apps) that are in-scope for application security logging enablement.

• Post-logging collection and aggregation, shall work with the detection and design team to define, test and validate monitoring and detection rules, as well as associated workflows for responding to alerts from these rules.

Cyber Visibility and Incident Response Support

• Develop a cyber visibility metric and dashboard that communicates current level of coverage for cybersecurity endpoint protection tools and security monitoring visibility for all USUI assets (servers & workstations) and USUI applications

• Support the Security Operations Center (SOC) with incident response by accelerating response from appropriate business owners and applications teams during an incident.

Implementation of NAC capability and Silent Defense continuous threat detection (CTD) sensors

• Coordinate the deployment of Network Access Control (NAC) for all acquired USUI IT switches

• Coordinate the deployment of Silent Defense sensors to applicable OT sites

Ancillary duties

• Support the Cyber Project Manager (PM) with other workstream tasks as needed

The Cyber Business Analysts shall take direction from the USUI Cybersecurity Workstream Lead for the successful delivery of all the accountabilities described above.

SCOPE:

• Applications – USUI applications with L1 and L2 business criticality as defined in the CMDB plus all external-facing application irrespective of business criticality

• Assets – USUI IT and OT infrastructure and network assets

• Security – Ensure adequate security monitoring visibility for in-scope USUI applications that helps improves the efficiency and effectiveness of cybersecurity incident response

KNOWLEDGE, SKILLS & ABILITIES

Business analysis and cyber skills:

• Strong understanding of both business analysis (including requirements gathering and analysis) and cybersecurity monitoring processes along with security detection and response controls as defined in NIST CSF.

• Valuable experience working closely with the SOC on security monitoring initiatives/projects and/or experience working as a SOC analyst.

• Strong understanding of the NIST SP 800-92, Guide to Computer Security Log Management

• Strong understanding of Windows and Linux operating systems logs and valuable experience working with applications logs is a huge advantage.

• Familiarity with cybersecurity monitoring tools, including but not limited to Crowdstrike, Tenable Nessus, Trellix Application Control, and other similar tools

• Familiarity with cybersecurity risk management processes and mitigation strategies