Why is this role important?
Improve and evolve a team and operational procedures to establish best in class capabilities for cyber incident detection, response and remediation. You will work with technology and infrastructure leaders from across the family of companies and key suppliers, partners, vendors, and managed service providers. Emphasis on achieving diversity targets will be important. You will bring a strong network of security companies, contacts and experience to help lead and build the capabilities to react swiftly and contain cyber threats effectively.
Your deep knowledge of security tools and technologies, security threats, tactics, techniques and procedures used by threat actors, security and enterprise IT operations, processes and incident management, will help you to conduct a cyber incident response process to support this mandate. Supplier management and service management skills will be critical to ensure valued delivery and execution of managed security services.
The Cyber Security Command Center operates 24x7 across Canada and works closely with a variety of cybersecurity partners and other stakeholders, including IT Infrastructure, Network, Applications, Privacy, Loss Prevention, HR and Legal, specifically building and maintaining an internal community of technology and infrastructure leaders around cybersecurity incident detection and response.
To support this mandate, you will work with technology and infrastructure leaders, managed security and threat intelligence service providers to develop, automate, maintain and evolve incident response playbooks, including practice drills, tabletop exercises, communications protocols, procedures, templates for consistent flow of the right information to the right people from front line staff and up to the board.
Included in the mandate of your team will be establishing capabilities for automated response, containment and remediation. In scope will be capabilities around building and enhancing an advanced cyber analytics platform and tools, UEBA, cyber and fraud incident response; and cyber, forensic and privacy investigation, including CSIRT and crisis management.
To ensure the protection of from cybersecurity threats, the Senior Specialist, Incident Response will also be a key player and part of a team providing world-class security operations capabilities and a capability aligned with our strategic direction. The Security Specialist will also be working on supporting and maintaining the infrastructure security systems and applications running the SOC. The Senior Specialist will be supporting and interacting with a multi-shift SOC and will take part in an after-hours 24x7 On-Call rotation as required.
A Bachelor's Degree or Diploma in a relevant area of study with a preference for Computer Science or Computer Engineering
Minimum of 3-5 years in Information Technology
Proven system troubleshooting experience in enterprise production IT environments
Experience with enterprise server and virtualized infrastructure hardware, Cloud operations including GCP, Azure, Oracle.
Experience with IT/Network operations including server and network/firewall configuration
Good working knowledge of and direct prior experience with enterprise security technologies:
Server platforms (Unix/Linux, Windows etc.)
Virtualized infrastructure (VMWare)
Networking and security (TCP/UDP, SSL/TLS, SSO and MFA authentication, Windows and Linux hardening, CIS benchmarks)
Security tools (IDS/IPS, SIEM, Splunk, packet capture, forensics (EnCase), AV, DLP, EDR, NAC, email security)
Web technology and protection (Akamai, WAF, Shape)
Prior experience as a SOC Engineer or Analyst or systems administrator
Understanding of and direct prior experience with enterprise SIEM, UEBA or cyber analytics solutions is an asset
Direct experience providing customer service and excellence
Industry certifications (ISC2: CISSP, CCSP, ISACA: CISM, SANS: GSEC, GCIA, GMON) are strong assets
Strong understanding of PCI compliance considered an asset
Scripting knowledge (VBS/JS, PowerShell, Bash, Python)
Experience and/or knowledge of security and privacy enhancing technologies such as identity management, application security and network security technologies