Cybersecurity Analyst - Canada - Prime Import Export

Prime Import Export

Verified Company

Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Décrivez les responsabilités du poste, ainsi que d'autres critères de sélection tels que l'expérience professionnelle, les compétences ou le niveau d'études.

Tasks:

Perform forensicdriven threat hunting activities to discover advanced attacks including identifying threat actor groups and TTPs using static and dynamic analysis.
Analyzing, triaging, and investigating security events across multiple platforms and using network, endpoint, and cloud telemetry.
Managing complex security incident investigations endtoend including validation, escalation, and containment.
Performing digital forensics on impacted assets including but not limited to server(s), endpoint(s) and virtualized systems.
Drafting analysis / forensic report(s)
Developing new use cases and playbooks
Conducting quality reviews of investigations to identify areas for improvement.
Supporting in the development of the detection rules and mechanisms.
Developing key service reports and deliverables including threat advisories, flash briefs, RFIs and monthly reports.
Overseeing maintenance of system tickets and alerts.
Handling security incident escalations from Level II analysts.
Supporting in the development of other team members through knowledge sharing and collaboration.
Maintaining current knowledge of InfoSec threats, vulnerabilities and TTPs.

Qualifications required:

5+ years of recent security operations experience (SOC, Incident Response, Digital Forensics, Malware Analysis, IDS/IPS Analysis, Cyber threat hunting).
Proven technical knowledge and experience working with SIEM, EDR and XDR solutions including Splunk, Kibana, Sumo Logic,Defender, Carbon Black, Crowdstrike or similar.
Proven technical knowledge and experience working with Computer Forensics solutions including EnCase, Axiom, Autopsy, DFF, FTK or similar.
Proven technical knowledge of common threat analysis models such as the Diamond Model, Cyber Kill Chain and the MITRE ATT&CK and experience using them to track, investigate or simulate attacks.
Professional certifications such as OSCP, GIAC / SANS 500+ (GCIH, GPEN, GXPN, GCFE, GCFA etc.) or other defensive and offensive technical certifications is considered an asset.
Ability and willingness to obtain a Security Clearance.

Conditions: