Specialist Cyber Defense

Base Salary Range: $113683 - $155216

• SOC Operations Support: Assists in the day-to-day activities of the Security Operations Center (SOC) by monitoring alerts, escalating incidents as needed, and supporting threat detection and incident response efforts to help maintain the City’s security posture.
• Collaborate with Stakeholders to Assist with SOC Security Technologies: Supports internal IT teams, external partners, and service providers by helping with the operation, maintenance, and optimization of SOC security tools and technologies. Assists with integration efforts related to enterprise security programs (e.g., SIEM, EDR, NDR, WAAP, SOAR, etc.).
• Assist with Security Tools Management: Works with the Managed Security Services Provider (MSSP) and internal teams to monitor and maintain security tools (SIEM, EDR, NDR, WAAP, SOAR, etc.), ensuring alerts and anomalies are documented and escalated appropriately.
• Support the Application of Cyber Threat Intelligence: Supports the Threat Intelligence team by applying basic operational and tactical cyber threat intelligence to security operations, contributing to the organization's ability to detect, analyze, and respond to security events.
• Assist in Developing and Supplying Security Metrics: Supports the collection and preparation of data to track key security metrics, compliance status, and trends, under the direction of senior team members.
• Reporting Support: Assists in the preparation of security reports and metrics for senior management, contributing to visibility into the efficiency and compliance of security operations.

• Post-secondary degree in Business or Technology or a related discipline.
• Over 3 years experience in Cyber Operations
• In-Depth security monitoring experience with one or more SIEM technologies (i.e. QRadar, Splunk, Azure Sentinel), EDR solutions, and intrusion detection/prevention technologies.
• Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
• Strong understanding of security incident management, remediation steps and vulnerability management processes.
• An understanding of a Cloud enviornment's Security monitoring components (e.g. Microsoft: Defender, Sentinel; Amazon: CloudWatch, CloudTrail, Event Bridge; GCP: Chronicle Security, Event Threat Detection, Security Command Center, etc.)
• Experience with web content filtering technology - policy engineering and troubleshooting.
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
• Experience in Incident Response or relevant cyber security field(s)
• Experience managing cases with enterprise SIEM systems.
• In depth knowledge of security vulnerabilities, exploits, malware and digital forensics as they relate to Incident Response.
• Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
• Strong knowledge of effective security practices in a large, complex environment and awareness of general security-related training requirements within this environment.
• Preferred Certifications  (any in the list):  GCIH, ECIH, CCSP, Azure, AWS or GCP Security Certifications, CISSP, CRISC, OSCP, CEH, GPEN

• Ability to work in transformative programs.
• Ability to lead efficient communication between all project stakeholders, including internal teams and clients
• Ability to achieve business objectives through influencing and effectively working with key stakeholders.
• Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors.
• Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
• Keen attention to detail and strong organizational skills.
• Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
• Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
• Strong analytical skills and ability to prioritise and multitask.
• Ability to prioritize and effectively manage competing priorities and projects.
• Ability to manage multiple initiatives while adhering to strict deadlines.
• Able to work extremely well under pressure while maintaining a high level of professionalism
• Self-motivated person with desire to go above and beyond tasks
• Transferable skills, like communication and decision-making, are equally important.
• Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.