Role: Technical Security Analyst
Location: Toronto, CA (Remote)
Technical Skills
- Security Tools & Software: Familiarity with tools like SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), firewalls, endpoint detection and response tools, and antivirus/anti-malware software.
- Incident Detection: Ability to identify anomalies and suspicious activities using logs, alerts, and network monitoring tools.
- Malware Analysis: Understanding of how malware works and experience with tools to analyze and reverse-engineer malicious software.
- Forensic Tools: Proficiency in using forensic analysis tools like EnCase, FTK, or open-source options to investigate compromised systems.
- Networking Knowledge: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP/S, etc.), VPNs, firewalls, and network traffic analysis.
- Operating Systems: Knowledge of various operating systems (Windows, Linux, macOS), especially in relation to security configurations and vulnerabilities.
Experience
- Incident Response: Hands-on experience responding to and managing cybersecurity incidents, including containment, eradication, and recovery.
- Threat Intelligence: Knowledge of the latest threat actors, tactics, techniques, and procedures (TTPs) used in attacks.
- Vulnerability Management: Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys) and patch management processes.
- Security Operations Center (SOC) Experience: Experience in SOC roles and monitoring environments for unusual activity.
Certifications (just looking for a solid background)
- CEH (Certified Ethical Hacker)
- CompTIA Security+
- GIAC Certifications like GCIH (GIAC Certified Incident Handler) or GCFA (GIAC Certified Forensic Analyst)
- Cisco CCNA Security or CompTIA Cybersecurity Analyst (CySA+)
Knowledge of Incident Response Lifecycle
- Preparation: Familiarity with creating and maintaining incident response policies, playbooks, and procedures.
- Identification: Ability to quickly identify security events through monitoring and analysis.
- Containment, Eradication, and Recovery: Expertise in effectively isolating affected systems, removing threats, and recovering services.
- Lessons Learned: Conducting post-incident analysis to improve security posture and prevent similar incidents in the future.
Other Desired Skills
- Knowledge of Cloud Security: Familiarity with cloud environments (AWS, Azure, Google Cloud) and their specific security challenges.