Security Expert - PCSIRT - SIEM
Montreal, Quebec • Contract • June 06, 2026 • 88095
Job Title: Security Expert - PCSIRT - SIEM
Job ID: 88095
Location: Montreal, Quebec
What you will be doing:
Responsibilities include but are not limited to:
- Provide analysis and trending of security log data from many heterogeneous security devices
- Responsible for use-case development and validation
- Develop threat hunting program and capabilities
- Investigate, document and report on information security issues and emerging trends
- Perform threat hunting to identify potential adversaries within the network, and participate in exercises with the team to detect and remediate any potential gaps or use-case defects
- Provide support and/or research for any security-related questions or incidents
- Perform tasks independently with some oversight
- Integrate and share information with other analysts and other teams
- Follow incident-specific procedures to triage potential security incidents, validate them and determine the needed mitigation, and keep those procedures up to date
- Escalate potential security incidents to Level IV engineers, implement countermeasures in response to others, and recommend operational improvements
- Maintain awareness of the bank's technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by client threat intelligence, and recent security incidents
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), tuning false positives, and identifying and recommending new or updated use cases, content, countermeasures and scripts
- Serve as a subject matter expert in at least one security-related area (e.g., a specific malware solution, Python programming, etc.)
- Actively seek self-improvement through continuous learning and pursue advancement to a Level IV Analyst
- Adhere to internal operational security and other policies
- Interact regularly with the local team as well as with the EMEA and APAC regions
- Perform light project work as assigned
What you must have:
- Experience in IT Security Incident management at level 3, or multiple years (5+) at level 2
- In-depth technical knowledge of methods used by malware and APTs
- Broad cybersecurity culture
- Knowledge of security concerning the network infrastructure, UNIX and Windows environments, databases, package deployment tools, and security tools (USB port control, hard drive encryption)
- Script writing in shell, Python, Java, PowerShell, Ansible, SQL
- 5+ years of experience with the following technologies: SIEM, ELK, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP)
- Direct experience with anti-virus software, endpoint detection and response (EDR), firewalls and content filtering
- Experience or demonstrable knowledge in incident response, log analysis and PCAP analysis
- Good knowledge of network fundamentals, for example the OSI stack, TCP/IP, DNS, HTTP(S), SMTP
- Good understanding of the approach threat actors take to attack a network: phishing, port scanning, web application attacks, DDoS, lateral movement
- Passion to learn and to contribute to the ongoing development of the team
- Certifications like GCFA, GCIH, OSCP, or similar are good to have
Thank you for your interest in this opportunity. If you are selected to move forward in the process, we will contact you directly. If you do not hear from us, we encourage you to continue visiting our website for other roles that may be a good fit.
For more information about TEEMA and to consider other career opportunities, please visit our website at www.teemagroup.com