Reporting to the Manager Information Security and Digital Risk, the Cyber Security Analyst will be responsible for the protection of Morguard’s proprietary and sensitive information from unauthorized modification or loss. This includes information in Morguard’s cloud-based applications as well as on-premise Information Technology (IT) and Operational Technology (OT) systems.
The Cyber Security Analyst’s primary role is to monitor the information security controls, assist IT teams and business users in maintaining compliance with information security standards and policies to reduce operational risks.
This individual works to identify and correct flaws in the company’s information systems while recommending specific measures that can improve the company’s overall security posture.
In this role, you will get an opportunity to monitor the threats to Morguard’s valuable information from threat actors as well as to build defense systems against those threats.
DUTIES AND RESPONSIBILITIES
Security Incident Management
- Responds to security alerts, filters out suspicious activity and mitigates risks before breaches occur.
- Performs detailed technical analysis utilizing various log sources from on-premise and cloud-based systems, works with IT team leads as necessary to resolve the situation.
- Documents incident details, investigation, prioritization, business impact and root cause analysis.
- Identifies possible violations and escalates issues as necessary as per Morguard’s Cyber Incident Response Plan.
Information Security Reports
- Responsible for generating Monthly and Quarterly management reports to evaluate the efficacy of the security policies in place.
- Suggests necessary changes to security policies for a more secure information system.
Vendor Risk Management
- Helps in assessing current and potential vendors, new services and new technologies from a technical security and information risk management perspective.
- Helps to verify the applicable security control practices of third-party vendors by collaborating with Morguard team leads and vendor representatives to meet Morguard’s security policy requirements.
- Performs vulnerability scans of IT and OT assets, reviews report and works with Infrastructure team leads to prioritise vulnerability remediation.
- Reviews and rates the risk of newly announced software, cloud-based solutions and operating system vulnerabilities.
- Maintains and monitors IT/OT Risk and compliance related processes, procedures and controls in order to improve the IT/OT control environment.
- Assists in PCI Compliance attestation process.
End User security awareness
- Helps to promote awareness of Information Security standards and policies among IT teams and business users of Morguard.
- Helps to create training programs and modules to educate employees and users on proper security protocols.
*Any other job-related duties and/or projects that may be assigned.
Education, Skills, Knowledge and Experience
- Bachelor’s degree in Computer Science or a related field.
- Holds industry recognized information security certification such as CISSP or actively working on achieving such certification
- Detail oriented, organized and self-motivated.
- Passionate about Cyber Security and willing to keep up to date with the latest trends in Cyber Security.
- Working knowledge of security controls, security monitoring technologies, malware detection technologies, network security, operating systems, access and identity management, application security, penetration testing, vulnerability management and security incident response.
- Very good understanding of Microsoft Active Directory, IIS, SharePoint especially as related to role-based access management.
- Understanding of Cloud Computing and its use in relation to enterprise software, Microsoft Azure, Office 365, Exchange Online, Intune etc.
- Basic knowledge of Common IT and Network security concepts including TCP/IP, routing, switching, firewalls, server management, web proxies, access control and authentication, network protocols, network and systems design.
- 2+ years of experience as a Security Analyst, in the field of Information Security and Information Risk Management in addition to Security Incident Management
- 2+ years of experience securing on-premise applications as well as applications within cloud platforms.
- Require two to five years of Information technology experience as system administrator or Network Administrator.
- Strong analytic and problem-solving skills. A hands-on and can-do attitude, with strict attention to detail.
- Ability to prioritize and meet tight deadlines.
- Ability to work independently and collaboratively.
- Experience handing, analysing SIEM alerts and creating the Use cases.
- Previous experience using a SIEM such as ArcSight, Splunk, Q-Radar, McAfee Enterprise Security Manager (ESM), SolarWinds, etc.
- Solid understanding of Microsoft Operating Systems including Servers and End user computing devices, network infrastructure (encryption, security, firewalls, etc.).
- Experience with security tools such as SIEM, Vulnerability Scanners, Microsoft Security and Compliance, Advanced Threat Protection technologies is required.
- Deep knowledge of cloud computing security (MS Azure, Office 365 Security and Compliance, Data Classification and Protection).
- Previous experience using Vulnerability and Configuration assessment tools such as Qualys, Tenable, Tripwire IP 360 etc.
Nice to Haves
- Python, PowerShell scripting skills desired.
- Basic knowledge of NIST, PCI and ISO 27001 standards.
- Ability to conduct Network and Web application penetration tests.
- Basic understanding of application security standards such as OWASP and MASVS.
We thank all applicants for their interest; however, only those selected for an interview will be contacted.
AGENCY NOTICE: Please note that Morguard does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Services Agreement with agency/recruiter, Morguard will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement and advanced solicited services from a Morguard employee, Morguard explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency.
We are committed to providing accessible employment practices that are in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). If you require accommodation during any stage of the recruitment process, please notify Human Resources at (905) 281-3800.
Job Types: Full-time, Contract
- Temporarily due to COVID-19