United Software Group Inc

Threat Detection & Response Analyst

United Software Group Inc, Toronto, Ontario, Canada
No longer accepting applications

Role: Technical Security Analyst

Location: Toronto, CA (Remote)


Technical Skills

  • Security Tools & Software: Familiarity with tools like SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), firewalls, endpoint detection and response tools, and antivirus/anti-malware software.
  • Incident Detection: Ability to identify anomalies and suspicious activities using logs, alerts, and network monitoring tools.
  • Malware Analysis: Understanding of how malware works and experience with tools to analyze and reverse-engineer malicious software.
  • Forensic Tools: Proficiency in using forensic analysis tools like EnCase, FTK, or open-source options to investigate compromised systems.
  • Networking Knowledge: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP/S, etc.), VPNs, firewalls, and network traffic analysis.
  • Operating Systems: Knowledge of various operating systems (Windows, Linux, macOS), especially in relation to security configurations and vulnerabilities.


Experience

  • Incident Response: Hands-on experience responding to and managing cyber security incidents, including containment, eradication, and recovery.
  • Threat Intelligence: Knowledge of the latest threat actors, tactics, techniques, and procedures (TTPs) used in attacks.
  • Vulnerability Management: Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys) and patch management processes.
  • Security Operations Center (SOC) Experience: Experience in SOC roles and monitoring environments for unusual activity.


Certifications: just looking for a solid background

  • CEH (Certified Ethical Hacker)
  • CompTIA Security+
  • GIAC Certifications like GCIH (GIAC Certified Incident Handler) or GCFA (GIAC Certified Forensic Analyst)
  • Cisco CCNA Security or CompTIA Cybersecurity Analyst (CySA+)


Knowledge of Incident Response Lifecycle

  • Preparation: Familiarity with creating and maintaining incident response policies, playbooks, and procedures.
  • Identification: Ability to quickly identify security events through monitoring and analysis.
  • Containment, Eradication, and Recovery: Expertise in effectively isolating affected systems, removing threats, and recovering services.
  • Lessons Learned: Conducting post-incident analysis to improve security posture and prevent similar incidents in the future.


Other Desired Skills

  • Knowledge of Cloud Security: Familiarity with cloud environments (AWS, Azure, Google Cloud) and their specific security challenges.

  • Seniority level: Mid-Senior level
  • Employment type: Contract
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
