Cyber Security Analyst - Tier 2 (Hybrid Toronto - CANADA)

Cyber Security Analyst - Tier 2 (Hybrid Toronto - CANADA)

DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds.

The Tier 2 Information Security Analyst is responsible for the first line of security incident response in the client SIEM environment. The core responsibilities include the monitoring of client SIEM alerts in real-time, researching threat information, and escalating legitimate security incidents to the client. This position is also a technical escalation resource for the Tier I Information Security Analysts.

Tier 2 analysts provide a further in-depth analysis and focus on incident support and alert handling from Tier 1. They coordinate security monitoring findings with the Threat Intelligence team, vendor partners, and with specific points of contact to obtain a wider analysis of event data and its impact on designated environments.

Tier 2 analysts will utilize various meeting systems and telephone bridges to provide updates on attacks and advise clients on technical countermeasures. They will also perform a Root Cause Analysis of an attack, which may continue for an extended period beyond the resolution of an incident to gather additional information and coordinate with constituents to determine the event’s extent and severity.

Key Responsibilities:

1. Triage: In support of Tier 1 staff or independently - review, assess and act. May be direct or part of an automated action.
2. Threshold Monitoring: Actively monitor indicators that are approaching security, service, and/or compliance thresholds, including recommendations on the ongoing establishment and adjustment of said thresholds.
3. Playbooks/Threat Analysis: Execute analysis process as required. Assist in the general maintenance and improvement of the process and/or playbooks.
4. Active Investigation/Cause Analysis: Initiation and follow-through to ensure quality forensic materials are captured. Participate in Root Cause Analysis if required.
5. Escalation: Maintain the escalation chain integrity and service levels.

Requirements/Experience:

1. 2 – 4 years of relevant experience or equivalent combination of education, certifications, and work experience: undergraduate degree and 1-2 years of relevant experience.
2. 1 – 2 years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools.
3. Understanding of source code, hex, binary, regular expression, etc.
4. Experience assisting the development and maintenance of tools, procedures, and documentation.
5. Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
6. Experience with reviewing raw log files, data correlation, and analysis (i.e., firewall, network flow, IDS, system logs).
7. Experience using SIEM tools, ticketing systems, and performing cyber threat analysis.

Other Requirements:

1. Hybrid – Canada – Toronto (must live within commuting distance of the office in Streetsville, Ontario, which is on the outskirts of Toronto).
2. Must be a Canadian Citizen due to government or federal regulations.

DXC is an equal opportunity employer. We welcome the many dimensions of diversity. Accommodation of special needs for qualified candidates may be considered within the framework of the DXC Accommodation Policy.

In addition, DXC Technology is committed to working with and providing reasonable accommodation to qualified individuals with physical and mental disabilities. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please e-mail AODA Canada Requests.