Job Title: Senior Security Analyst – Threat Intelligence & Monitoring
Employment Type: Full-Time
Reporting To: Senior Manager, Information Security & IT Governance
Location: Downtown, Toronto, Ontario
Threat Intelligence Requirements
- Data Science and Intelligence Analysis: emphasis on detecting anomalies in large unstructured data sets, ability to synthesize data and reports from different sources, make logical inferences about that data, and publish results.
- Identify, develop, and implement new detections and mitigations of security gaps across the services platforms
- Provide day-to-day management, deployment and configuration of indexers, forwarders and search heads on a large-scale Splunk deployment, including onboarding new log sources and configuring and tuning the deployment to give an eagle-eye view of the organization's security
- Coordinate the CSIRT program, ensuring timely escalation of events and closure of investigations into security incidents
- Document and maintain customer build documents, security procedures and processes
- Research, apply, and deliver intelligence about active and emerging information security threats, with an emphasis on identifying new detection techniques for attacker tools, tactics and procedures
- Assist in reducing false positives by refining the monitoring scope and detection rules, and provide insight during the investigation of security events and incidents
- Conduct vulnerability assessments, penetration tests and security audits, including security trend analysis, threat modeling, data forensics and correlation, to support effective and efficient intelligence gathering and analysis.
- Construct new logical monitoring scenarios and implement them on the related security technologies to support the continuous security incident detection and response program
- Ascertain and leverage trustworthy open and closed-source cyber threat intelligence data feeds.
- Provide technical guidance on the risks and control measures associated with emerging threats to IT project teams, infrastructure and network analysts and CAB members
- Design, recommend, plan and support the implementation of project-specific security solutions to meet tactical and control requirements.
- Manage executive management's cybersecurity expectations and develop advanced reports, scalable security management tools, and processes to meet the requirements of key stakeholders.
Security Monitoring Requirements
- Develop automation for security tools management and create customized searches and applications using programming and development expertise.
- Develop security-focused content for a full-scale security monitoring tool deployment (Splunk, Algosec, Tripwire, AD Audit, Event flow, etc.), focusing on the creation of complex threat detection logic, dynamic operational dashboards and data source onboarding; configure and deploy enterprise security, and architect log management and ingestion solutions.
- Operate, develop for, and maintain the Splunk log management infrastructure, leverage knowledge of several security technologies, information security, and networking, and interact with clients.
- Create robust searches, reports, and charts, using sub-searches, additional statistical commands and functions, formatting to produce calculated results, charting commands with options to correlate events, and advanced lookups.
- Configure integrity monitoring tools for files and databases across multiple platforms (e.g. Windows, Solaris, Linux, Oracle).
- 6+ years' experience configuring, implementing and administering security monitoring tools.
- Experience analyzing logs for indicators of compromise, collected from various sources.
- Knowledge of scripting languages such as PowerShell, Python, Perl, SQL to effectively support event correlation and reporting.
- Good knowledge of IT including multiple operating systems and system administration skills.
- Knowledge of penetration testing tools (Metasploit, Kali Linux, etc.) and the ability to develop your own tools would be a plus
- Work with third parties or service vendors to identify, set up and improve security monitoring requirements/filters/alerts.
- Completion of CISSP certification, or certification in progress, would be an asset.
The company is committed to providing an inclusive and barrier-free recruitment process to applicants with accessibility needs in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act (AODA). If you require an accommodation during this process, please inform the company of your requirements.