Security Operations Center - Montréal, Canada - Kyndryl

Kyndryl

Verified Company

Montréal, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day.

So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Introduction:

At Kyndryl, we design, run, and manage the most modern and reliable technology infrastructure that the world depends on every day.

Kyndryl Delivery operates Security services by working in partnership with customers and are dedicated to ensuring that each achieves their peak digital performance.

ś

Who You Are

Your Role and Key Responsibilities:

The security delivery support clients in managing their Security Operations and protecting their environments to mitigate security risks (e.g., insider and external threats, intentional and accidental).

Position is for an experienced security professional with demonstrated experience within Security Operations, Threat Detection & Response, Security Intelligence, CSM (Continuous Security Monitoring) and NSM (Network Security Monitoring) within the SOC operations environment.

Work in a 24/7 Global SOC Team that operates in three shifts (6:00 14:00, 14:00 22:00, 22:0 6:00)
Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority, provide analysis, determine, track remediation, and escalate as appropriate.
Utilize the intrusion detection, security scanning, security log collection, content filtering, and other security related systems to perform triage and investigation and incident response.
Lead investigations and conduct deep analysis of security events focused on rapid containment, remediation, and mitigation.
Lead in the detection, triage, analysis and response to cyberattacks.
Provide insight and expertise to examine malicious code (malware), attack vectors, network communication methods, analyze threats against target systems and networks, determine target network capabilities and vulnerabilities.
Training and mentoring Level 1 peers to improve SOC Analyst capability.
Provide support for security incidents coordination with SOAR platform, providing recommendations for next steps and/or containment activities, by using different communication means.
Ensure the SOC team documentation is up to date, including investigation Playbooks and Standard Operating Procedures as well incidents have current notes related to investigation steps which were performed.
Cooperation with other Security Analysts and different teams, including Threat Hunting, Threat Intelligence, Red Team, Perimeter Protection in order to improve the SOC monitoring and defense capabilities.
Categorization and prioritization of security incidents
Looking for the correlation between various security events

Required Technical and Professional Expertise

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.
25 years of security analyst experience, preferably in a managed services environment.
Proven experience with operations using commonly used information security solutions (with focus on Splunk, QRadar, Crowdstrike, Sentinel, TrendMicro)
Proven technology knowledge of Windows, Active Directory, Linux, SIEM Solutions, Antivirus software, Proxy.
Experience in Cloud Security monitoring and in advanced analytics (UEBA)
Knowledge of the most common and used frameworks (E.g., NIST CSF, ISO2700x, CMM SOC, etc.)
Sound experience on programming languages: Python and/or R. and/or PowerShell
Experience in REST API interfaces to support data collection or integration.
Proven knowledge of current security threats, techniques, and landscape, and a dedicated and selfdriven desire to research and learn more about the information security landscape.
Review and triage experience with endpoint detection and response tools
Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.
Strong analytical skills, decision making, being able to work under time pressure, cooperating with other people and using the escalation processes when necessary.
Experience in technical Team coordination/management would be a plus.
English: Fluent
Strong critical thinking and analytical skills and ability to think "out of the box" required.
Must be able to work independently or with a team, under minimum supervision.

Preferred Technical and Professional Experience

MBA or master's degree
CompTIA Security+, GIAC Security Essentials Certification (GSEC), SIEM & EDR Foundation certificates (Such as Microsoft Sentinel and Defender).
Microsoft, Splunk, security certifications related to SIEM, EDR products and operations (in example M