Cybersecurity Operation Analyst
Thales
- Fredericton, NB
- Permanent
- Full-time
- Monitor, analyze, and report possible cyber-attacks, intrusions, and anomalous or misuse activities.
- Leverage a variety of cybersecurity tools (SIEM, EDR, and sandbox) for analysis to identify malicious activity.
- Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), and gather indicators of compromise (IOCs) and any other relevant information.
- Assess cyber risks and recommend pragmatic mitigation strategies.
- Participate in threat-hunting activities, looking for anomalies. Ingest, analyze, and contextualize data and turn that into intelligence for threat assessment and risk management.
- Create queries/rules for specific threat searches, reports, and alerts on SIEM based on the incident, latest threat intelligence and cyber security trends.
- Participate in the refinement and optimization of correlation rules and security use cases. Support testing and validation of existing detection rules against a variety of attack scenarios to ensure their effectiveness.
- Provide feedback and contribute to improving SOC operations and alert classification to minimize false positives.
- Support the investigation and provide pragmatic advice to remediate security incidents.
- Follow the incident response process, document and escalate security incidents, and stay up to date with them until closure.
- Conduct research and analysis, and correlate data gathered from various sources, to gain situational awareness and determine the impact of an incident.
- Assist in the secure collection of artifacts, analyze them for malicious behavior, and carry out analysis to determine the root cause of events.
- Stay up to date with the latest Common Vulnerabilities and Exposures (CVE).
- Advise on and track vulnerabilities and remediation efforts.
- Provide daily summary reports of Cybersecurity incidents, operation statistics of monitoring tools, and latest Cybersecurity related news.
- Perform trend analysis and develop metrics and reports on intelligence and incidents for management.
- Contribute to the creation and update of security operations and incident response best practices and processes.
- Support customer onboarding projects to ensure a successful transition to CSOC for security monitoring services.
- Willingness to work flexible shifts between 8:00 AM and 8:00 PM.
- Minimum of 3 years of relevant experience in system or network architecture and administration, or as a Security Analyst, in a Security Operations Center (SOC), or as an Incident Responder or Computer Emergency Response Team (CERT) member.
- Proven experience working in a SOC environment, handling security incidents, and utilizing security tools; attended shift hand-overs and worked on a flexible shift schedule.
- Experience in building SOC processes, playbooks, correlation rules, and incident reports.
- Strong fundamentals in IT networking, servers, security principles and strong troubleshooting skills.
- Knowledge of the NIST Cybersecurity Framework (CSF), MITRE ATT&CK, and the Cyber Kill Chain.
- Proficient in various SIEM, EDR, and log collection technologies and solutions.
- Proficient in alert triage, malware analysis, sandboxing, basic decoding, and scripting.
- Familiarity with various cybersecurity tools, operating systems, and technologies.
- Curiosity and attention to detail are essential.
- Ability to analyze complex security events and draw meaningful conclusions.
- Persistence and creative thinking.
- Maintain accurate and detailed records of security incidents, investigations, and actions taken.
- Utilize various data sources and analytical insights to construct threat scenarios and perform threat modeling.
- Currently holding one or more industry-recognized cybersecurity certifications (ISACA, ISC2, GIAC SANS, CompTIA, Offensive Security, and others).
- Must hold, or complete the training for and attain, the following certifications:
  - Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA), XSOAR
  - Splunk Core Certified Power User
  - Microsoft Azure Sentinel (SC-200)
  - IBM QRadar and other SIEM certifications are a plus.
- Shift 1: 8:00 – 16:00
- Shift 2: 10:00 – 18:00
- Shift 3: 12:00 – 20:00
- Company-paid Extended Health, Dental, HSA, Life, AD&D, Short-Term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan, and Well-Being program.
- Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.
- Company-paid holidays, vacation days, and paid sick leave.
- Voluntary Life, AD&D, Critical Illness, Long-Term Disability.
- Employee Discounts on home, auto, and gym membership.