Lead Security Analyst (Incident Response)
Richmond Hill, ON, Canada
3d ago

The opportunity:

As a Lead Security Incident Response Analyst you will report to the Sr. Manager, Security. The Lead Security IR Analyst is a highly skilled, hands-on, experienced analyst with a focus on controlling and handling information security incidents.

Responsibilities include developing and improving incident response processes, tools, and capabilities. As the Lead Security IR Analyst, you will respond to major information security incidents.

Drawing additional resources from our technical teams, the Lead Security IR Analyst will build and lead teams to respond to and remediate active threats.

As a primary interface during crises, the Lead Security IR Analyst will have excellent communication and organizational skills to support the efficient and smooth handling of incidents.

The Lead Security IR Analyst will have strong collaboration and coaching skills to supervise junior and ad-hoc responders.

The Lead Security IR Analyst may be required to develop and test Incident Response plans.

You are great at:

  • Coordinating Incident Response activities through all phases of the Security Incident Response Lifecycle
  • Managing the entire lifecycle of FedRAMP escalated security incidents from detection to resolution and root cause analysis
  • Researching and understanding Cybersecurity threats, threat actors, trends in adversary activities, attack vectors and Tactics, Techniques and Procedures (TTPs)
  • Performing digital forensic investigations, collecting and analyzing digital evidence in a forensically sound and defensible manner, and being familiar with the associated legal concepts
  • Developing and implementing processes and procedures, identifying improvements, and driving efficiencies.
  • Developing solutions to critical and complex technical situations, providing technical expertise and guidance to technical and non-technical stakeholders
  • Leading security program improvements and efficiencies across security technologies, processes, and services
  • Understanding the current regulatory environment in most major geographies and how to identify data privacy issues and potential reporting requirements during incidents and investigations
  • Communicating up or down, technical report writing, distilling, and prioritizing information, and presenting findings to technical teams and executive audiences in a clear and precise manner
  • Performing detailed technical analysis including network and host-based forensics, log analysis, and static and dynamic malware analysis
  • Coordinating with IT operations teams to execute containment, eradication, and remediation activities in response to incidents
  • Understanding infrastructure design, network security architecture, network protocols, and encryption technologies, and collecting, correlating, and analyzing network logs, flow, and traffic data from most sources, including firewall, proxy, web server, IPS / IDS, VPN, and load balancers
  • Maintaining monthly staffing metrics and operational metrics related to the quality, accuracy, and timeliness of deliveries and performance
  • Developing, implementing, and maintaining IR policies, runbooks, processes, and procedures covering all aspects of team responsibilities
What it takes:

  • 6+ years of experience in a security or incident operations role
  • BS in Computer Science, Cyber Security, Information Assurance, or Information Security
  • Experience and working knowledge of live forensics tools such as EnCase Enterprise
  • Familiarity with commonly used information security concepts, best practices, and standard procedures
  • Capable of working under pressure in a continually changing, fast-paced environment
  • Must be able to establish priorities, work independently and lead assigned staff to complete objectives
  • Experience with SIEM (Security Information Event Management) tools such as LogRhythm
  • Should have operational understanding of UTM, ATP, and TVM technologies
  • Resourceful in knowing how to research problems and find information on security related topics
  • Experience with trouble ticketing and change management tools
  • Must be able to evaluate and apply concepts of risk management and prioritization to security issues
  • Must have direct working experience with all major operating systems, such as Windows, macOS, and Linux
  • Rotational 24x7 on call
  • Experience with FedRAMP IR requirements
  • Practical skills in digital forensics
  • Good analytical, troubleshooting, and problem-solving skills
  • Strong written and verbal communication skills
  • Ability to work alone with minimal supervision effectively and efficiently
  • Knowledge of information security standards, particularly NIST SP 800-61r2, ISO 27001, and ISO 27002
  • GIAC, EnCE, CCE, CISSP, CISM, or ISSMP certifications preferred
Work Location:

The preferred location for the position is either in Waterloo, Toronto or Montreal.
