Expert Operation Center & Event Management (Threat Hunting) (BB-6041C)


At CN, we work together to move our company, and North America, forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad, ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture, working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The role of the Expert, Security Operation Center is to provide technical leadership for the Security Operations Center team in protecting the integrity and confidentiality of CN information assets while enabling business functionality in all systems and environments, by supporting applicable security solutions. As a subject matter expert, the individual oversees development and collaborates with various relevant teams. The individual provides technical assessments and recommendations for surfacing issues and for new projects.

As part of a Security Operations Center team and in accordance with CN's workforce strategy, the Expert will interact with and help shape permanent employees and a variable number of consultants, depending on ongoing projects and initiatives. Some of the projects the Expert will work on will be uncharted territory and will need to be built from the ground up; it takes vision and an innovative mindset to make that happen.

The Expert needs to be enthusiastic, driven, conscientious, and accountable, as well as a natural leader, with the ability to foster these values within the department.

Main Responsibilities

Operation support

- Lead the team by providing technical guidance and methodology with regard to the security practice.
- Interface with and guide product managers, project managers (PMs) and architecture in order to align corporate priorities within the team.
- With constant attention to OPEX/CAPEX costs, ensure solutions are in line with business expectations and CN's vision.
- Contribute to process improvement and elaboration.
- Contribute to RFPs and RCAs.
- Participate in collecting, assessing, and cataloging threat indicators.

Practice Evolution

- Enable the Continuous Service Improvement lifecycle, which includes:
  - Reporting and report generation for various internal audiences
  - Conducting regular interactions with Governance
- Enable the Security Management Lifecycle.
- Oversee process improvements, and drive implementation of new capabilities to enhance defense and response of CN systems and networks.
- High quality standards must be developed and applied in order to reduce impact on operations and reduce TCO (Total Cost of Ownership).
- Provide information security risk analysis and strategic recommendations for the ongoing improvement of the security posture of corporate networks, systems and services.
- Develop comprehensive security write-ups and presentations, which describe security issues, analysis, and remediation techniques, for company leadership.
- Act as liaison between different departments, providing guidance.
- Provide targeted training and workshops to various teams on a regular basis.

Delivery

- Oversee development of new security operations literature for use across CN information security functions by SOC team members.
- Maintain knowledge of the threat landscape.
- Implement a proven testing methodology using industry-leading tactics and techniques.
- Adapt information security approaches to target real-world enterprise challenges.

Working Conditions

This role may require occasional business travel, in accordance with CN policy, for meetings.

Requirements

Experience

- 7-10 years of security industry experience, including a minimum of 5 years of experience demonstrating technical leadership qualities and/or overseeing deliverables
- Demonstrated experience building and managing systems and programs
- Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required
- Demonstrated ability to lead the development of specific proactive procedures for the detection of security breaches across a large enterprise network
- Detailed knowledge of security assessment methodology and risk management process

Education/Certification/Designation

- Master's Degree in Computer Science or related field OR equivalent work experience
- Certifications:
  - GCFA (Advanced Incident Response, Threat Hunting and Digital Forensics)
  - GCED (GIAC Certified Enterprise Defender)
  - CISSP (Certified Information Systems Security Professional)
  - GCIH (GIAC Certified Incident Handler)
  - CISM (Certified Information Systems Manager)
  - GEVA (GIAC Enterprise Vulnerability Assessor)
  - CRISC (Certified in Risk and Information Systems Control)

General Skills and Competencies

- Engages and inspires passion; motivates people
- Ability to coach people
- Tactful and exercises good judgment
- Operational and results focus
- Professional customer orientation
- Solid problem-solving skills
- Process driven and able to turn strategy into tactical, actionable tasks
- Creativity and strong analytic skills
- Ability to analyze problems quickly and accurately and adopt effective courses of action
- Project delivery skills (solid understanding of Project Management or equivalent experience)
- Strong interpersonal skills to interact positively and productively with teams across organizational lines, including administrative/executive staff
- Strong communication skills with demonstrated ability to communicate with technical and non-technical staff
- Proven ability to work in a complex, fast-paced, and rapidly changing operations environment

Technical Skills/Knowledge

- Identify and track new Tactics, Techniques, and Procedures (TTPs) associated with known threat actors to enhance our cyber threat intelligence database and develop countermeasures in response to threat actors.
- Ability to detect and investigate intrusion attempts and perform in-depth reverse engineering analysis of exploits.
- Expert knowledge in analyzing (parsing logs) a variety of network and endpoint-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Knowledge of various scripting languages (Python, Perl, JavaScript, etc.).

About CN

As a leading North American transportation and logistics company, CN is a true backbone of the economy. With a team of approximately 25,000 railroaders, our focus is on moving both our company and the economy forward. We transport US$200 billion worth of goods annually for a wide range of business sectors, from resource to manufactured products to consumer goods, across a 20,000-mile network spanning Canada and mid-America. CN is the only Canadian company listed in the Transportation and Transportation Infrastructure sector of the Dow Jones Sustainability World Index (DJSI). Launched in 1999, the DJSI World represents the gold standard for corporate sustainability. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.

For internal candidates, note that the grade level of the position will depend on the employee's experience.

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest; however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.

Posted: 5 days ago
Location: Montreal, Canada
Employer: CN
