Purpose of Role
Working as part of the Keyloop Information Security team, the Senior Cyber Security Incident Response (CSIRT) Analyst will work as part of a team monitoring, detecting, and responding to threats to the Corporate IT, Data Centre and Cloud estate.
Joining the team at a key time, you will play an integral role in helping to develop and shape their operational security capabilities.
This position would suit someone who has performed a security role within a SOC or CSIRT capacity.
Continuous monitoring of security tooling and responding to alerts and events
Performing regular and ad-hoc investigations into potential attacks and vulnerabilities
Identification of threat origins and defining appropriate mitigation tactics
Coordinating and following up on response activities across infrastructure, application, legal and security teams
Incident, event, request and change management associated with security-related threats
Maintaining centralised logging and reporting of incidents, events, and changes
Ad hoc involvement in administration, maintenance, and management of security tools
Skills / Knowledge & Experience
Bachelor’s degree in Computer Systems Engineering, Computer Science or related
SOC, CSIRT or CERT operational environment experience
Windows / Linux experience
TCP / IP networking protocol knowledge
Experience reviewing and analysing Security Events from various monitoring and logging sources
Experience in website and web application security assessment or penetration testing
Experience of using Splunk
Experience of ITSM practices such as ITIL
Scripting knowledge using BASH, Python, Perl, Ruby
Skills in Host and Network threat investigation & forensics
Technical / Professional qualification
At least 5 years’ commercial experience within a similar role
Understanding of security protocols and related technologies such as HTTPS, TLS, SSL, SSH, PKI, IPsec, VPN
Understanding of Cloud and / or SaaS
Ability to run and configure security testing tools and analyse the results.
Experience of security monitoring and Security Operation Centre (SOC) tools
The following certifications / qualifications are desirable:
SANS Courses / Qualifications (GCIH, GCTI)
CISSP / CISM
CREST certification
CySA+
Certified Ethical Hacker (CEH)
CCNA or other Cisco Qualifications
Location : Winnipeg, Manitoba