Business Unit: 4 - Protect Platform - Operations
Duration: 6 months
Extension possible: TBC
Interview Process: Virtual, 1 round; potential 2nd round depending on outcome
Work Location: Hybrid, 310-320 Front Street West (Corporate), Toronto, Ontario (in office 4 days a week)
CANDIDATE PROFILE DETAILS:
Degree/Certifications Required: Bachelor’s Degree in Computer Science/Information Security or similar discipline is preferred.
Years of experience: 5 years
Reason for request/why opened: Short term leave
% Interaction with Stakeholders: 25%
Project Scope: BAU support
Team Size: 12 people
Selling Points of Position: Working within a leading FI organization
Background: Minimum 5 years of information security experience, preferably engineering or development.
SUMMARY OF DAY TO DAY RESPONSIBILITIES:
- Define, develop and/or implement detection strategies, analyze security data, and create monitoring use cases to ensure timely responses to potential threats.
- Develop advanced detection logic and algorithms that can efficiently spot and alert on suspicious activity or potential threats.
- Perform detection gap assessments to ensure coverage across identity, network, endpoint, cloud, and application layers.
- This role works alongside CSOC, CSIRT, threat hunting, threat intelligence, red team, risk management and other security functions to build a threat-informed defense.
- May participate in incident support and/or projects to provide reporting, data analysis, and assessments.
- Develop security monitoring rules/use cases on SIEM platforms (Splunk, Azure Sentinel, Logscale).
- Identify cyber threats, anomalies and risks from security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies).
- Find suspicious or malicious activity by analyzing alerts and investigating indicators of compromise (IOCs such as file hashes, IP addresses and domains).
- Research and develop new threat detection use cases based on threat research findings, threat intelligence, analyst feedback and available log data.
- Perform activities across the content life cycle, including creating new use cases, testing, tuning and retiring content, and maintaining the associated documentation.
- Work with the other security functions and product SMEs to identify gaps within the existing analytical capabilities.
- Participate in root cause analysis on security incidents and provide recommendations for remediation.
- Act as the liaison to business units to fulfill audit, regulatory compliance and corporate security policy requirements.
- Create and maintain documentation for detection processes.
- Continuously improve detection capabilities based on emerging threats.
Must Have
- Experience in SIEM content development (Splunk, Azure Sentinel, Logscale, or similar SIEM platform).
- Understanding of various log formats and source data for SIEM analysis.
- Minimum 5 years of information security experience, preferably engineering or development.
- Ability to communicate effectively with anyone from end users to senior leadership, bridging technical and non-technical audiences.
- Strong incident handling/incident response/security analytics skills.
- Deep understanding of technical concepts, including networking and common cyber-attack techniques.
- Solid background with Windows and Linux platforms (security or system administration).