Cybersecurity Analyst - Tier 2 - Toronto, Canada - ISA Cybersecurity

ISA Cybersecurity
Toronto, Canada

3 weeks ago

Posted by: Sophia Lee, beBee Recruiter


Description

About the Role:
The Cybersecurity Analyst - Tier 2 is responsible for gathering details needed to assess the scope of a cyberattack and respond to severe attacks or those with high business impact. The Tier 2 role will clearly understand the customer's environment (i.e. current security controls) and provide consultation on security controls required to perform a risk assessment. The Cybersecurity Analyst - Tier 2 will understand industry trends and be aware of the latest news to understand needs in the customer's sector.


The Cybersecurity Analyst Tier 2 will collaborate and work closely with our customers to customize SIEM use cases to ensure that they are appropriate for each customer's environment.

The Tier 2 will be able to create and maintain a trusting relationship with clients. This is a hybrid position with the occasional requirement to perform duties at our Toronto office location.

About Us:


ISA is a cybersecurity-focused technology firm, with over 30 years of experience helping organizations of all sizes solve complex challenges relating to IT security.

We act as trusted advisors in providing services to help our clients define, implement and manage their strategies to minimize IT security related risk, and to provide a secure business environment for their employees and customers.

We also deliver state-of-the-art cybersecurity solutions thanks to strong partnerships with the industry's leading Technology Vendors.


Responsibilities:


  • Monitor and analyze network traffic and IDS events from network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs) to determine correct remediation actions and escalation paths for each incident.
  • Investigate intrusion attempts and perform in-depth analysis of exploits.
  • Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
  • Conduct proactive threat research.
  • Review security events that are populated in a Security Information and Event Management (SIEM) system for the creation and tuning of correlation rules and playbooks.
  • Creation and tuning of correlation rules and playbooks.
  • Independently follow procedures to contain, analyze, and eradicate malicious activity.
  • Perform Tier 2 incident investigation. Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
  • Develop and maintain monthly and quarterly report documents according to the requirements of clients.
  • Assist with the development of processes and procedures.
  • Communicate with clients and internal team members at all levels and across functional and organizational boundaries regarding security events and incidents.
  • Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier
  • Assist clients with security product implementation, onboarding and support.
  • Host routine meetings with clients to create, tune, and optimize use cases based on the environment of different clients. Discover any log source gaps to build out better use cases.

Qualifications:

  • University degree or college diploma in computer science or information technology or equivalent
  • Two (2) years of job-related SOC experience
  • Ability to obtain a Government of Canada security clearance of at least Level
  • Experience with IPS/IDS/WAF and SIEMs (specifically Splunk and Microsoft Sentinel)
  • Experience reviewing and analyzing network packet captures
  • Experience performing security/vulnerability reviews of network environments
  • Experience in threat intelligence and advanced persistent threat analysis
  • Experience with enterprise antivirus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
  • Knowledge and understanding of data loss prevention (DLP)
  • Knowledge and understanding of network architecture
  • Strong knowledge of Windows and Linux OS
  • Strong research background, utilizing an analytical approach
  • Comfortable working against deadlines in a fast-paced environment
  • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers
  • Highly motivated individual with the ability to self-start, prioritize, multitask and work in a team setting