Security Operations Centre (SOC) Analyst
at Cybera
Calgary, AB, Canada
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa
---|---|---|---|---|---|---|---
Immediate | 24 Jan, 2025 | Not Specified | 25 Oct, 2024 | 1 year(s) or above | GIAC, Vulnerability Management | No | No
Description:
Are you a cybersecurity enthusiast? Are you tired of hearing about constant cyber attacks on Canadian education institutions, and want to do something about it? Do we have an opportunity for you!
Cybera is a not-for-profit agency whose mission is to improve the lives of Albertans through the use and advancement of digital technologies. We serve the province’s education, enterprise, research and government sectors.
We are developing a regional Security Operations Centre (rSOC) that will support the effective detection of and response to cybersecurity threats targeting Alberta’s post-secondary institutions.
As a SOC Analyst, you will have a strong hands-on and technical focus, with broad security knowledge, experience and a deep understanding of various SOC domains and incident stages (covering preparation, identification, containment, eradication, recovery and lessons learned). A critical success factor for this role will be the ability to effectively identify, triage and investigate an incident end-to-end, including escalation and resolution with end users. Between monitoring and responding to incidents, you will be focused on the ongoing uplift of the SOC service, including people, processes and technologies.
In this role, you will be enabled to challenge the status quo, think outside the box, and apply a growth mindset to develop new and innovative solutions to complex challenges. This will be supported by a focus on continuous training and exposure to leading security technologies, including a big data and analytics platform providing full flexibility to build advanced defences for cyber threats, with the support of our SOC Security Specialists.
We will ask you to:
- Conduct proactive monitoring, investigation, and escalation of security incidents.
- Recognize any potential, successful, and unsuccessful intrusion attempts and compromises through correlation analysis of relevant event details and summary information.
- Investigate malicious phishing emails, domains and IPs using open source and sector intelligence.
- Provide mitigation guidance and support in response to identified threats.
- Continuously build and evolve high confidence and high fidelity detection rules leveraging anomalous or suspicious events, in collaboration with other SOC team members, including SOC Security Specialists and Operations.
- Actively contribute to the continuing development of the SOC architecture, processes, procedures, standards and methodologies.
- Be a power user of the Security Orchestration, Automation and Response (SOAR) platform for case management and enrichment/response playbooks.
- Utilize techniques for investigating host and network-based intrusions using SOC technologies.
- Report false positives, detection rule issues and parsing issues to the SOC Security Specialists and vendors for remediation.
- Work in close partnership with both internal and external (i.e., customer and vendor) stakeholders.
- Act as the first point of contact for security incidents and requests into the SOC, in line with set SLAs.
- Apply cybersecurity and privacy principles to organizational requirements.
Your professional tool-kit should include:
EDUCATION AND EXPERIENCE
- Minimum one year in a SOC environment.
- Experience documenting cybersecurity processes, procedures, and playbooks.
- (ISC)2, CompTIA, GIAC, or other relevant cybersecurity certifications are desirable.
SKILLS
- Understanding of cybersecurity risks to the academic sector.
- Ability to identify, analyze, document, and report relevant threats and incidents.
- Experience in identifying and containing security incidents.
- Experience automating investigations and processes using basic scripting and tooling.
- Practical understanding of patch and vulnerability management.
- Demonstrated ability to gain trust and credibility from internal and external stakeholders.
REQUIREMENT SUMMARY
Min: 1.0 Max: 6.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Other
Graduate
Proficient
1
Calgary, AB, Canada