Security Ops Analyst

at ICBC

North Vancouver, BC, Canada

Start Date: Immediate
Expiry Date: 16 Oct, 2024
Salary: USD 72399 Annual
Posted On: 17 Jul, 2024
Experience: N/A
Skills: Cyber, Thinking Skills, PowerShell, Programming Languages, Bash, SIEM, Python, SOAR, EDR
Telecommute: No
Sponsor Visa: No

Description:

We welcome applications from all qualified job seekers. Should you require accommodations throughout the application or hiring process, please don’t hesitate to contact accessibility_services@icbc.com, as we are committed to ensuring a seamless and accessible experience for all candidates. Also consider joining our Indigenous Peoples or People with Disabilities Talent Pool to receive information about future opportunities and to learn more about our DEI hiring.
ICBC is committed to delivering consistently high-quality customer service to all British Columbians. If you are reliable and dependable, love to think outside of the box and have a growth mindset, we welcome you to apply for this exciting opportunity.
Reporting to the Manager of IT Security, the Security Operations Analyst (SOA), as part of a team, will support ICBC’s cybersecurity functions (detection, monitoring and response) and become a technical and cybersecurity leader.
You will work closely with ICBC’s Information Risk Management, Platform teams, Application teams and a Managed Security Operations Center. The SOA is responsible for delivery and continuous improvement of IT cybersecurity functions using ITIL principles and alignment to ISO 27000 controls.

Your responsibilities will include:

  • Identifying, triaging and investigating cybersecurity events and incidents end-to-end, including response, escalation, and resolution with end users.
  • Working independently and collaboratively with IT teams to proactively recognize potential intrusion attempts and compromises through correlation analysis of relevant IOCs, event details and threat intelligence sources.
  • Providing mitigation and remediation support in response to identified cyber threats.
  • Actively contributing to the development of Security Operations Center (SOC) architecture, standards, methodologies, techniques, processes, and technical playbooks.
  • Effectively using and improving SOC technologies (network data, endpoint and application) and SOC automation.
  • Actively enhancing detection rules and technical capabilities of the SOC toolkit to optimize and tune alerts, minimize false positives, correlation, and parsing issues.
  • Providing oversight to the compliance of ICBC systems with respect to vulnerabilities and patching.
  • Continuously contributing to and improving IT cybersecurity metrics and reports.
  • Acting as the first point of contact with external and internal stakeholders (business, IT teams, security service providers) to gain their trust and credibility.

The successful candidate will have two (2) years’ experience in a large, complex IT environment, with a preference for at least one (1) year in cybersecurity (in a Security Operations Center).
Demonstrated continuous education and/or completion of relevant cybersecurity certifications is desirable but not required.

The candidate will bring demonstrated solid knowledge, strong skills, and practical experience of:

  • Various incident response stages, controls, processes, procedures, and playbooks.
  • MITRE ATT&CK and Cyber Kill Chain frameworks and applying their techniques, tactics and procedures in a dynamic IT environment.
  • SIEM, SOAR, UEBA and EDR technologies, vulnerability management tools and network monitoring applications.
  • Analyzing and interpreting technical logs and data to identify event or incident root cause(s).
  • File and host investigation techniques.
  • Cybersecurity and privacy principles and risks preferably in relation to NIST framework and CIS controls.
  • Communicating effectively, explaining, and documenting technical details clearly and concisely.
  • Troubleshooting and applying analytical thinking skills.
  • Staying on top of the latest cybersecurity research and cyberattacks.
  • Scripting or programming languages such as Python, PowerShell, Bash, SQL, etc., would be desirable.
  • Basic network protocols, network layers and potential attacks occurring at different levels of the network stack would be an advantage.

ABOUT US:

At ICBC, it’s our job to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, we want you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact us today to be part of our talented and diverse team as we work together to create an insurance system we can all be proud of.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Systems Administration

Graduate

Proficient

1

North Vancouver, BC, Canada