
Info Security Analyst V

ICONMA

Toronto

Hybrid

CAD 80,000 - 120,000

Full time

11 days ago


Job summary

An innovative banking company is seeking an Info Security Analyst V to enhance their security posture. In this pivotal role, you will define and implement advanced detection strategies, analyze security data, and develop monitoring use cases to respond to potential threats effectively. Collaborating with various teams, you will participate in incident support and contribute to the continuous improvement of detection capabilities. This position offers excellent growth opportunities and the chance to work in a hybrid environment, making it an exciting opportunity for professionals looking to make a significant impact in the field of information security.

Benefits

Health Benefits
Referral Program
Growth Opportunities

Qualifications

  • 5+ years of experience in information security with a focus on engineering or development.
  • Strong incident handling and security analytics skills are essential.

Responsibilities

  • Develop detection strategies and monitoring use cases for security threats.
  • Analyze security data and perform detection gap assessments.

Skills

SIEM content development
Incident handling
Security analytics
Technical communication
Cyber security knowledge
Networking concepts
Log analysis

Tools

Splunk
Azure Sentinel
Logscale

Job description

Our Client, a Banking company, is looking for an Info Security Analyst V for their Toronto, ON/Hybrid location.

Responsibilities:

  • Define, develop and/or implement detection strategies, analyze security data, and create monitoring use cases to ensure timely responses to potential threats. The primary goal is to enhance the organization’s ability to detect and respond to security breaches. Develop advanced detection logic and algorithms that efficiently spot and alert on suspicious activity or potential threats. Perform detection gap assessments to ensure coverage across the identity, network, endpoint, cloud, and application layers. This role works alongside the CSOC, CSIRT, threat hunting, threat intelligence, red team, risk management and other functions to build a threat-informed defense. May participate in incident support and/or projects to provide reporting, data analysis, and assessments.
  • Develop security monitoring rules/use cases on SIEM platforms (Splunk, Azure Sentinel, Logscale).
  • Identify cyber threats, anomalies, and risks from security-relevant data (e.g., login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.).
  • Find suspicious or malicious activity by analyzing alerts and investigating indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.).
  • Research and develop new threat detection use cases based on threat research findings, threat intelligence, analyst feedback, and available log data.
  • Perform activities across the content life cycle: creating new use cases, testing content, tuning and retiring content, and maintaining the associated documentation.
  • Work with other security functions and product SMEs to identify gaps within the existing analytical capabilities.
  • Participate in root cause analysis on security incidents and provide recommendations for remediation.
  • Act as the liaison to business units to fulfill audit, regulatory compliance as well as corporate security policy requirements.
  • Create and maintain documentation for detection processes.
  • Continuously improve detection capabilities based on emerging threats.
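As an added illustration of the detection use cases described above (this is example code written for this page, not code from the posting, the hiring client, or any of the named SIEM products), the block below parses a small constructed JSON-lines authentication/DNS log and runs three detections over it: a password spray (one source IP failing against many distinct users inside a short window), a brute force (one source IP repeatedly failing against one user), and an IOC match against a hypothetical indicator list. The log schema, the field names, the thresholds and the IOC values are all assumptions made for the example; in a real SIEM the same logic would be expressed as a scheduled search or analytics rule.

```python
"""Example detection logic over constructed log lines (not real data).
Assumed schema: one JSON object per line with ts, event, result, user,
src_ip and (for DNS events) query. Thresholds and IOCs are hypothetical."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for the example. RFC 5737 documentation
# addresses are used so nothing here points at a real host.
SAMPLE_LOG = """
{"ts": "2024-05-01T09:00:01Z", "event": "login", "result": "failure", "user": "alice", "src_ip": "203.0.113.7"}
{"ts": "2024-05-01T09:00:04Z", "event": "login", "result": "failure", "user": "bob", "src_ip": "203.0.113.7"}
{"ts": "2024-05-01T09:00:07Z", "event": "login", "result": "failure", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-05-01T09:00:10Z", "event": "login", "result": "failure", "user": "dave", "src_ip": "203.0.113.7"}
{"ts": "2024-05-01T09:00:13Z", "event": "login", "result": "success", "user": "dave", "src_ip": "203.0.113.7"}
{"ts": "2024-05-01T09:05:00Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T09:05:02Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T09:05:03Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T09:05:05Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T09:05:07Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T09:05:09Z", "event": "login", "result": "failure", "user": "erin", "src_ip": "198.51.100.9"}
{"ts": "2024-05-01T10:00:00Z", "event": "dns", "query": "evil.example", "src_ip": "10.0.0.5"}
{"ts": "2024-05-01T10:30:00Z", "event": "login", "result": "success", "user": "frank", "src_ip": "192.0.2.44"}
"""

# Hypothetical IOC list constructed for the example (not a real feed).
IOC_IPS = {"203.0.113.7"}
IOC_DOMAINS = {"evil.example"}


def parse_events(text):
    """Parse JSON lines into dicts with a datetime ts, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def _window_exceeds(items, window, threshold, distinct_field=None):
    """Sliding window over time-sorted items: True if any span no longer
    than `window` holds >= threshold items (distinct by a field if given)."""
    items = sorted(items, key=lambda e: e["ts"])
    lo = 0
    for hi in range(len(items)):
        while items[hi]["ts"] - items[lo]["ts"] > window:
            lo += 1
        span = items[lo:hi + 1]
        count = len({e[distinct_field] for e in span}) if distinct_field else len(span)
        if count >= threshold:
            return True
    return False


def _login_failures(events):
    return [e for e in events if e.get("event") == "login" and e.get("result") == "failure"]


def detect_password_spray(events, window=timedelta(minutes=5), min_users=4):
    """Source IPs that failed against >= min_users distinct accounts in a window."""
    by_ip = defaultdict(list)
    for e in _login_failures(events):
        by_ip[e["src_ip"]].append(e)
    return sorted(ip for ip, evs in by_ip.items()
                  if _window_exceeds(evs, window, min_users, distinct_field="user"))


def detect_brute_force(events, window=timedelta(minutes=5), min_failures=5):
    """(src_ip, user) pairs with >= min_failures failures in a window."""
    by_pair = defaultdict(list)
    for e in _login_failures(events):
        by_pair[(e["src_ip"], e["user"])].append(e)
    return sorted(k for k, evs in by_pair.items() if _window_exceeds(evs, window, min_failures))


def detect_ioc_hits(events, ioc_ips=IOC_IPS, ioc_domains=IOC_DOMAINS):
    """Every event whose source IP or DNS query matches the IOC list."""
    hits = []
    for e in events:
        if e.get("src_ip") in ioc_ips:
            hits.append((e["ts"].isoformat(), "ip", e["src_ip"]))
        if e.get("query") in ioc_domains:
            hits.append((e["ts"].isoformat(), "domain", e["query"]))
    return hits


def run_detections(text=SAMPLE_LOG):
    events = parse_events(text)
    return {
        "password_spray": detect_password_spray(events),
        "brute_force": detect_brute_force(events),
        "ioc_hits": detect_ioc_hits(events),
    }


if __name__ == "__main__":
    for name, findings in run_detections().items():
        print(name, findings)
```

On the constructed input the spray rule fires only for 203.0.113.7 (four distinct users in nine seconds, followed by a success against the last one, which is the kind of sequence worth escalating), the brute-force rule fires only for the 198.51.100.9/erin pair, and the IOC rule flags the DNS query plus every event from the listed IP. The thresholds are the tuning knobs the content life cycle above refers to: too low and the spray rule pages on a shared NAT address, too high and a slow spray slips under the window.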

Requirements:
  • Experience in SIEM content development (Splunk, Azure Sentinel, Logscale, or similar SIEM platform).
  • Understanding of various log formats and source data for SIEM Analysis.
  • Minimum 5 years of information security experience, preferably engineering or development.
  • Ability to communicate effectively with anyone from end users to senior leadership, facilitating both technical and non-technical communication.
  • Strong incident handling/incident response/security analytics skills.
  • Deep understanding of technical concepts including networking and various cyber-attacks.
  • Solid background with Windows and Linux platforms (security or system administration).
  • Cyber security / Information security experience: 5 years.
  • Incident management and service management: 5 years.
  • Linux / Windows: 5 years.
  • Security system audit: 5 years.
  • SIEM: 5 years.

Why Should You Apply?
  • Health Benefits
  • Referral Program
  • Excellent growth and advancement opportunities

As an equal opportunity employer, ICONMA provides an employment environment that supports and encourages the abilities of all persons without regard to race, color, religion, gender, sexual orientation, gender identity or expression, ethnicity, national origin, age, disability status, political affiliation, genetics, marital status, protected veteran status, or any other characteristic protected by federal, state, or local laws.