This role will require 3 days per week in our downtown Kitchener Office.
The NetSuite Sec Ops team is hiring! We're looking for anyone who has a background in security, academic or otherwise, but finds themselves looking to pivot from a System Admin or SRE role. Security Analysts will primarily focus on monitoring the NSGBU service environments. These analysts are the front-line defense, tasked with monitoring our security tools, performing initial triage, and executing our processes.
Responsibilities:
· Monitoring, triaging, processing, and escalating security events received from multiple services and log sources
· Initial collection of evidence related to security events
· Collection of evidence related to compliance audits
· Validation and regular review of processes and procedures
· Identification, escalation, and follow-up on false positives
· Routine audits of ACL and Security Lists
· Carry out initial mitigation and containment procedures
· Coordinate with service and operations teams to validate security events and anomalous activity
· Identify and recommend security event suppression, adjustment, modification, and tuning based on daily monitoring
· Document initial triage and escalation of security events and alerts
· Provide daily reports of security events and alerts
· Determine and report on possible cause of security events and alerts
· Operate security tools for continual monitoring and analysis of system/network activity to identify malicious activity
· Assist in the construction of security alerts and processes based on knowledge gained from daily monitoring and triage
· Notify designated managers, and responders of suspected cyber incidents including the event's history, status, and potential impact
· Monitor external data sources to maintain basic knowledge of threat conditions
· Recognize a possible security violation and take appropriate action to escalate the incident, as required
Basic understanding of:
· Computer networking concepts and protocols, and network security methodologies
· Host/network access control mechanisms
· Intrusion detection methodologies and techniques
· How traffic flows across the network (TCP/IP, OSI, ITIL)
· System and application security threats and vulnerabilities
· Types of network communications (LAN, WAN, MAN, etc.)
· File extensions (.zip, .sh, .pcap, .bat, .dll, .py, etc.)
· Interpreted and compiled computer languages
· Common attack vectors
· Attack classes (passive, active, insider, distributed, etc.)
· Incident response and handling methodologies
· Authentication, authorization, and access control methods
· Information technology (IT) security principles and methods
· Network traffic analysis methods
· Operating systems
· Cyber attackers
· Defense-in-depth principles
· System administration, network, and operating system hardening techniques
· Cyber attack stages
· Network security architecture concepts
· Windows/Unix ports and services
· Operating system command-line tools
· Network protocols
· Running knowledge of cyber threats and vulnerabilities
· Understanding security events related to:
  · Operating system (Linux and Windows) logs
  · Database logs
  · VPN logs
· Knowledge of adversarial tactics, techniques, and procedures
· Understanding the use of the following:
  · Network tools (ping, traceroute, nmap, etc.)
  · Host-based tools (Tanium, basic Linux and Windows native tools)
  · SIEM (Splunk, ELK, Lumberjack, Splunk Enterprise Security, etc.)
· Understanding of cybersecurity and privacy principles and related organizational requirements
Skills
· Detecting host- and network-based intrusions via intrusion detection technologies
· Using protocol analyzers
· Recognizing and categorizing types of vulnerabilities and associated attacks
· Reading and interpreting signatures
· Conducting trend analysis
· Evaluating information for reliability, validity, and relevance
· Identifying cyber threats which may jeopardize organization and/or partner interests
· Preparing and presenting briefings
· Providing analysis to aid writing phased after action reports
· Using Boolean operators to construct simple and complex queries
· Using multiple analytic tools, databases, and techniques
· Using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches
· Utilizing virtual collaborative workspaces and/or tools (Zoom, JIRA, Confluence, Oradocs, Slack, etc.)
· Performing packet-level analysis
· Utilizing a SIEM to detect, research, and perform initial triage of security events
· Exercising good judgment in escalating security events
Abilities
· Think critically
· Think like threat actors
· Apply techniques for detecting host- and network-based intrusions using intrusion detection technologies
· Interpret the information collected by network tools
· Recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
· Effectively collaborate with virtual and remote teams
· Evaluate information for reliability, validity, and relevance
· Exercise judgment when policies are not well-defined
· Function effectively in a dynamic, fast-paced environment
· Function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to demonstrate analytical and technical expertise
· Recognize and mitigate cognitive biases which may affect analysis