Sr. Cyber Security Defense Analyst (GCS)

RBC Defensive Threat Operations (DTO) team is seeking an experienced Sr. Cyber Security Defense Analyst with demonstrated competence and thought leadership capability to contribute toward the success of our Cyber Resiliency initiatives. Under the direction of the Director of Correlation Engineering, the Senior Cyber Security Defense Analyst is responsible for maintaining the RBC Security Information Event Management (SIEM) platform.

What will you do?

The Cyber Security Defense Analyst is a hands-on technologist who is an expert in the use of the technologies that comprise the RBC SIEM platform, and creates and tunes the SIEM rules to adjust the specifications of alerts and security incidents. The scope of this position is RBC Enterprise-wide and requires a very good understanding of the security controls RBC uses and how they provide value to the business.

The incumbent will work closely with other members of the Global Cyber Security teams in ensuring that the security posture of RBC is maintained and take a proactive approach in continually assessing the effectiveness and efficiency of the SIEM platform.

Essential Functions:

1. Serve as a Subject Matter Expert (SME) for the SIEM platform
2. Develop and implement effective correlation rules
3. Tune SIEM components to ensure maximum reliability and reduce false positives
4. Review security context alerts and log sources

Essential Capabilities:

1. Ability to relate to non-technical users in user-friendly language
2. Ability to understand or learn the technical implications of security threats
3. Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment

What do you need to succeed?

Must-have:

1. Bachelor of Science in a technology-related discipline or 3 years of relevant experience
2. 3-5 years of experience in a role dedicated to the configuration, maintenance and administration of SIEM Platform (Splunk, Sumo Logic, Azure Sentinel, QRadar)
3. Significant experience with and working knowledge of Syslog
4. Practical experience with Python
5. Significant experience with and expertise in creating event correlation logic and rules
6. Significant experience and expertise in using SIEM for searching and correlating events
7. Possess excellent troubleshooting, problem-solving, and verbal / written communication skills
8. Ability to manage critical situations, and maintain solid relationships with colleagues

Nice-to-have:

1. Certified SIEM certification
2. Certified Information Systems Security Profession

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.

Leaders who support your development through coaching and managing opportunities.

Ability to make a difference and lasting impact.

Work in a dynamic, collaborative, progressive, and high-performing team.

A world-class training program in financial services.

Flexible work / life balance options.

LI-Hybrid

LI-POST

TECHCPJ

Job Skills:

Decision Making, Group Problem Solving, Identity Access Management (IAM), Information Security, Information Technology Security, IT Systems Integration, Negotiation, Security Controls, Security Information, Security Information and Event Management (SIEM), SIEM Tools, Software Development, Software Development Life Cycle (SDLC), Strategic Objectives.