Senior Operations Analyst – Investigations
Job Type: Permanent
Primary Location: Toronto, Ontario, Canada
All Available Locations: Toronto
Reporting to the SOC (Security Operations Centre) team lead at a permanent client work site in downtown Toronto, the incumbent is self-motivated, energetic, driven for success and results oriented. In-depth knowledge of security monitoring, incident handling, security operations processes, threat management, and common industry technologies supports delivery and execution of managed security services offered by Deloitte. The analyst will also be a key player in building world-class security operations capability that is aligned with our strategic direction and that helps the firm better deliver on new and existing engagements.
- Triage and perform in-depth investigation of security alerts received from various client security technologies including but not limited to SIEM, IPS/IDS and AV with a focus on determining whether a security incident has occurred, identifying the root cause and providing appropriate recommendations for remediation.
- Act on security alerts and assigned incidents as per defined response procedures and ensure timely resolution of incidents.
- Act as a point of escalation for and provide guidance to junior security analysts on the investigation of security alerts and incidents.
- Analyze activity trends in the client’s environment to contribute to the tuning and development of SIEM use cases and other security alerts to reduce false positives and enhance threat detection capabilities.
- Contribute to the development of custom content (e.g. malware detection and IPS/IDS signatures and SIEM use cases) for the detection of emerging threats.
- Provide subject matter expertise and escalation support for security incidents and initiatives/projects related to deployed security technologies.
- Work closely with your team to exceed our client’s expectations while identifying and mitigating business risks associated with projects.
- Build knowledge of and stay current on developments in the cyber threat landscape to adapt investigation techniques and provide recommendations to the client on responding to and remediating related incidents.
- Provide leadership and oversight for the Deloitte investigation team at the client site.
- Participate in and lead, when required, continuous improvement activities through identification and remediation of operational process or security control configuration deficiencies.
- Participate in the compilation of service reports and performance metrics for the SOC to be reviewed by Deloitte and client leadership teams.
- A Bachelor’s Degree / Diploma in a relevant area of study with a preference for Computer Science, Information Security or Computer Engineering
- Minimum of 2 years in an information security focused position
- Good working knowledge of one or more of the following topics:
  - Operating systems (UNIX, Linux, Windows)
  - Security technologies (SIEM, firewalls, IDS/IPS, HIPS, proxies, vulnerability scanners, AV, etc.)
  - Penetration testing and ethical hacking
  - Vulnerability assessment and management
- Direct prior experience with core security technologies (SIEM, firewalls, IDS/IPS, HIPS, proxies, vulnerability scanners, AV, etc.)
- Prior experience as a SOC Analyst, ideally working in a CIRT
- Permanent work location in downtown Toronto with occasional travel to client sites across Canada
- Industry certifications (CISSP, GIAC – GREM/GCIH/GCIA/GCFA) are a strong asset
- Proficiency in scripting languages (Python, shell, etc.)