Cybersecurity - Operations and Threat Detection Analyst

Tech Talent International (SI) supplies technical talent to a variety of clients ranging from Fortune 100/500/1000 companies to small and mid-sized organizations in Canada/US and Europe.

We currently have a role as a Cybersecurity - Operations and Threat Detection Analyst with our large consulting client on a long term project with a major financial services client in the downtown Montreal area.

This role can either be a fulltime, perm role or a long term C2C contract.

Role: Cybersecurity - Operations and Threat Detection Analyst

Type: Permanent or Contract 40 hrs/week

Location: Hybrid - Downtown Montreal, QC -(roles starts off 5 days in office for 1st 3 months, then turns into hybrid setup 3 days onsite, 2 days from home)

Salary: $110,000 - $120,000 + 9% bonus + 3-5 weeks paid vacation + RRSP contribution + benefits + sick/personal days

Contract Rate Option: $100 - $105/hr C2C

Position Overview

The Production CSIRT Purple Team Expert position will provide security expertise to the 24x7 Security

Operation Center (SOC). The primary purpose of this position is to develop, implement and assist on the continuous evolution of security use cases and correlation rules which assist on detecting, preventing, and responding to cyber threats against our group's infrastructure. It provides critical support to the firm - wide cybersecurity program via partnerships in the region with our peer s globally and within our diverse lines of business as well as externally with client s, partners and regulators.

As a Production Security Purple Team Expert , you are not only responsible for the continuous use case and correlation rule development and enhancement but also expected to participate in Threat Hunting and participate in cybersecurity investigations which will enhance the 24x7 Security Opera tion Center (SOC) capabilities as the first line of defense to identify potential information security incidents.

MAIN RESPONSIBILITIES

Responsibilities include but are not limited to:

• Provide analysis and trending of security log data from many heterogeneous security devices
• Responsible for use - case development and validation
• Develop threat hunting program and capabilities
• Investigate, document and report on information security issues and emerging trends
• Perform threat hunting to identify potential adversaries within the network as well as participate in exercises with the AMER Purple Team to detect and remediate any potential gaps or use case
  defects.
• Provide support and /or research any security related questions or incidents.
• Perform tasks independently with some oversight
• Integrate and share information with other analysts and other teams.
• Follow incident - specific procedures to perform triage of potential security incidents to validate and
  determine needed mitigation and maintain said procedures up to date.
• Escalate potential security incidents to Level IV engineers, implements countermeasures in response
  to others, and recommend operational improvements
• Maintaining awareness of the bank's technology architecture, known weaknesses, the architecture
  of the security solutions used for monitoring, imminent and pervasive threats as identified by client
  threat intelligence, and recent security incidents
• Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis
  procedures, plays, client network models), false positive tuning, identifying, and recommending new or updated use cases , content, countermeasures, scripts.

Classification : Internal

• Serve as a subject matter expert in at least one security - related area ( e.g., specific malware solution, python programming, etc.)
• Actively seek self - improvement through continuous learning and pursuing advancement to a Level IV Analyst
• Adhere to internal operational security and other BNP Paribas policies
• Regular interactions with local AMER CSIRT Teams ( CTI, Purple) as well as with EMEA and APAC
  regions.
• Perform light project work as assigned

REQUIREMENTS
TRAINING AND OCCUPATIONAL EXP ERIENCE

• Experience in IT Security Incident management at level 3 or multiple years (
• In- depth technical knowledge of methods used by malware and APTs
• Extended culture on Cybersecurity
• Knowledge of security concerning the network infrastructure, UNIX and Windows environments,
  databases, package deployment tools, security tools (USB port control, hard drive encryption)
• Script writing in shell, Python, Java, PowerShell, Ansible, SQL
• Knowledge o f 5+ years of experience with the following technologies: SIEM, ELK, IDS/IPS, network -
  and host - based firewalls, data leakage protection (DLP)
• Direct experience with anti - virus software, endpoint detection response (EDR), firewalls and content
  filtering
• Experience or demonstrable knowledge in Incident response, log analysis and PCAP analysis
• Good level of knowledge in network fundamentals, for example, OSI Stack, TCP/IP, DNS, HTTP(S)
• Experience detecting and tracking and preventing network phishing

SMTP

• Good level of understanding in the approach threat actors take to attacking a
  port scanning, web application attacks, DDoS, lateral movement
• Passion to learn and to contribute to the ongoing development of the team
• Certifications like GCFA, GCIH, OSCP, or similar are good to have

Skills/Behaviors Preferred:

• Ability to demonstrate the right approach to investigating alerts and/or indicators and document your findings in a manner that both peer and executive level colleagues can understand
• Appreciation of the wider roles of interconnecting Cyber Security teams and collaboration with each of those ( i.e., Forensics / Threat Intelligence / Penetration Testing / Vulnerability Management / "Purple Teaming" etc.)
• Ability to handle fluctuating workloads, conflicting
• Analytical skills
• Strategic vision
• Rigor & Accuracy
• Flexibility
• Communication skills
• Collaboration
• Self - driven
• Ability to track various priorities and concurrent activities