Summary: The IT Security Operations Specialist is responsible for detecting, preventing, and remediating security threats and incidents through the implementation and management of preventive measures, controls, policies, and tools.
Reports to: Associate Director, IT Operations
Effective Date: December 2024
Duration: 1-year Contract
Function:
The IT Security Operations Specialist is responsible for detecting, preventing, and remediating security threats and incidents through the implementation and management of preventive measures, controls, policies, and tools. This role also involves collaborating with other teams to protect the organization's infrastructure, systems, and data, ensure compliance with security policies, and maintain the overall security posture of the organization. It requires a strong understanding of cybersecurity principles, leadership skills, and effective incident response capabilities.
Core Competencies:
- Attention to Detail: Keen eye for identifying anomalies and potential security threats.
- Proactive Attitude: Ability to anticipate security issues and take preventive measures.
- Flexibility, time management skills and ability to prioritize and deliver on time.
Position Accountabilities:
- Monitor Security Systems: Continuously monitor security alerts and events from various sources, including SIEM, firewalls, IDS/IPS and other security tools. Ensure timely detection and response to potential security incidents.
- Incident Response: Investigate and respond to security incidents, such as malware infections, unauthorized access, and other security breaches. Coordinate with other teams to contain and remediate incidents, ensuring minimal impact on operations. Document incidents thoroughly, conduct post-incident analysis to improve future response efforts, and develop, implement, and maintain comprehensive incident response policies and processes. Conduct regular tabletop exercises to test and improve these plans.
- Threat and Risk Analysis: Analyze and assess potential security threats, vulnerabilities, and risks to the organization. Conduct regular risk assessments to identify and prioritize risks. Provide actionable recommendations for improving security measures and mitigating identified risks. Stay informed about emerging threats and adapt strategies accordingly.
- Compliance: Ensure compliance with relevant security standards, policies, and regulations, such as ISO 27001, CIS Controls, and NIST frameworks. Assist in internal and external audits and assessments, providing necessary documentation and evidence of compliance. Implement and maintain security policies and procedures to meet regulatory requirements.
- Regular Security Assessments: Conduct regular security assessments, including vulnerability scans, penetration tests, and security audits, to identify and address potential weaknesses. Use the findings to enhance the organization's security posture and reduce risk.
- Collaboration and Communication: Work closely with other teams and stakeholders to ensure security measures are integrated into all business processes. Communicate effectively to raise awareness and understanding of security policies and procedures.
- Continuous Improvement: Stay up to date with the latest security trends, technologies, and best practices. Participate in training and development opportunities to enhance skills and knowledge. Contribute to the continuous improvement of security processes and tools by providing feedback and suggestions based on hands-on experience and industry developments.
- Reporting: Prepare and present detailed reports on security incidents, trends, and the overall security posture to management and other stakeholders. Use these reports to highlight areas of concern, track progress on security initiatives, and support decision-making processes. Develop metrics and KPIs to measure the effectiveness of security controls.
Qualifications and Skills:
- Strong knowledge of cybersecurity principles, attack vectors, practices and technologies
- Ability to respond effectively to security incidents and manage crisis situations.
- Experience with security information and event management systems (SIEM)
- Experience with security orchestration, automation and response systems (SOAR)
- Experience with risk management frameworks (CIS, NIST and SANS)
- Experience with IAM, RBAC, access control, and network security, PAM and PIM
- Experience with cloud infrastructure security architecture, configurations, and controls
- Experience performing vulnerability assessments and threat hunting and modeling
- Experience with intrusion detection/prevention systems (IDS/IPS) and firewalls.
- Experience with endpoint protection, detection and response solutions EPP, EDR, XDR
- Experience with ZTNA, NGFW and cloud firewalls.
- Experience with vulnerability management systems
- Experience with secure configuration management.
- Experience with Network infrastructure, switches and firewalls
- High competence in the following systems, tools and technologies:
  - Windows server operating systems (OS, AD, FS, GPOs)
  - Python, PowerShell and Azure command line
  - Network security protocols TCP/IP/DHCP/DNS/VLAN/VPNs, SSL/TLS, IPsec
  - RADIUS, LDAP, ADAL, SSL, SSO, MFA
- A mind-set towards integration, automation and continuous improvement
- Ability to work with minimum supervision
- Work outside of business hours as needed.
Education, Certifications and Experience Requirements:
- University or college degree in IT or related field.
- Minimum of 5 years of experience in a SOC or similar role.
- Relevant certifications such as CISSP, CISM, CCSP or equivalent are highly desirable.
- ITIL certification or previous experience is preferred
While our office is in Ottawa, Ontario, we will consider candidates based in locations across Canada for this position.
We thank all applicants for their interest; however, only those under consideration for the role will be contacted.
At CREA, we are committed to fostering an inclusive, barrier-free and accessible environment. Part of this commitment includes arranging accommodations to ensure an equitable opportunity to participate in the recruitment and selection process. If you require an accommodation, we will work with you to meet your needs.