Security Analyst

This role will require 3 days per week in our downtown Kitchener Office.

The NetSutie Sec Ops team is hiring! We're looking for anyone who has a background with security, academic or otherwise but finds themselves looking to pivot from a System Admin role or SRE role. Sec Analysts will primarily focus on monitoring the NSGBU service environments. These analysts are the front-line defense, tasked with monitoring our security tools, performing initial triage, and executing our processes.

Responsibilities:

· Monitoring, triaging, processing, and escalating security events received from multiple services and log sources

· Initial collection of evidence related to security events

· Collection of evidence related to compliance audits

· Validation and regular review of processes and procedures

· Identification, escalation, and follow-up on of false positives

· Routine audits of ACL and Security Lists

· Process initial mitigation and containment procedures

· Coordinate with service and operations teams to validate security events and anomalous activity

· Identify and recommend security event suppression, adjustment, modification, and tuning based on daily monitoring

· Document initial triage and escalation of security events and alerts

· Provide daily reports of security events and alerts

· Determine and report on possible cause of security events and alerts

· Operate security tools for continual monitoring and analysis of system/network activity to identify malicious activity

· Assist in the construction of security alerts and processes based on knowledge gained from daily monitoring and triage

· Notify designated managers, and responders of suspected cyber incidents including the event's history, status, and potential impact

· Monitor external data sources to maintain basic knowledge of threat conditions

· Recognize a possible security violation and take appropriate action to escalate the incident, as required

Basic understanding of:

· Computer networking concepts and protocols, and network security methodologies

· Host/network access control mechanisms

· Intrusion detection methodologies and techniques

· How traffic flows across the network (TCP/IP, OSI, ITIL)

· System and application security threats and vulnerabilities

· Types of network communications (LAN, WAN, MAN, etc)

· File extensions (.zip, .sh, .pcap, .bat, .dll, .py, etc)

· Interpreted and compiled computer languages

· Common attack vectors

· Attack classes (passive, active, insider, distributed, etc)

· Incident response and handling methodologies

· Authentication, authorization, and access control methods

· Information technology (IT) security principles and methods

· Network traffic analysis methods

· Operating systems

· Cyber attackers

· Defense-in-depth principles

· System administration, network, and operating system hardening techniques

· Cyber attack stages

· Network security architecture concepts

· Windows/Unix ports and services

· Operating system command-line tools

· Network protocols

· Running knowledge of cyber threats and vulnerabilities

· Understanding security events related to:

· Operating system (Linux and Windows) logs

· Database logs

· VPN logs

· Knowledge of adversarial tactics, techniques, and procedures

· Understanding the use of the following:

· Network tools (ping, traceroute, nmap, etc)

· Host base tools (Tanium, basic Linux and Windows native tools)

· SIEM (Splunk, ELK, Lumberjack, Splunk Enterprise Security, etc)

· Understanding of cybersecurity and privacy principles and related organizational requirements

Skills

· Detecting host and network-based intrusions via intrusion detection technologies

· Using protocol analyzers

· Recognizing and categorizing types of vulnerabilities and associated attacks

· Reading and interpreting signatures

· Conducting trend analysis

· Evaluating information for reliability, validity, and relevance

· Identifying cyber threats which may jeopardize organization and/or partner interests

· Preparing and presenting briefings

· Providing analysis to aid writing phased after action reports

· Using Boolean operators to construct simple and complex queries

· Using multiple analytic tools, databases, and techniques

· Using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches

· Utilizing virtual collaborative workspaces and/or tools (Zoom, JIRA, Confluence, Oradocs, Slack, etc)

· Performing packet-level analysis

· Utilizing a SIEM to detect, research, and perform initial triage of security events

· Exercising good judgement in escalating security events

Abilities

· Think critically

· Ability to think like threat actors

· Apply techniques for detecting host and network-based intrusions using intrusion detection technologies

· Interpret the information collected by network tools

· Recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists

· Effectively collaborate with virtual and remote teams

· Evaluate information for reliability, validity, and relevance

· Exercise judgment when policies are not well-defined

· Function effectively in a dynamic, fast-paced environment

· Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to demonstrate analytical and technical expertise

· Recognize and mitigate cognitive biases which may affect analysis.