
Team Leader, Cybersecurity SIEM-SOC-IR


Job Summary

  • Toronto
  • Permanent
  • BBBH813607
  • Apr 21, 2022
  • Competitive
Job Description

One of Canada's leading online brokerage and wealth management firms is looking for a Team Leader, Cybersecurity SIEM-SOC-IR.

As a Team Leader, Cybersecurity SIEM-SOC-IR, your contribution to delivering sustainable and measurable results in the following areas will be very important:

You will be assisting with the transformation of our Information Security Program, helping to effectively balance people, processes and technology in order to support better security and risk decisions and a reduction in the cost of managing overall security risk.

Identifying and responding to cyber threats - Our reputation and brand are on the line, and we will not compromise. Our company's infrastructure and data need to be safeguarded before something happens, and you will be primarily involved in Security Information and Event Management, including working with SIEM/SOC managed service providers, supporting the SIEM use case development cycle, triaging and investigating alerts, supporting incident response, and collecting and tracking metrics for reporting.

Responsibilities

  • Act as the SOC and IR escalation point of contact.
  • Gather Indicators of Compromise and any relevant data for use in threat hunting activities.
  • Leverage security tools (SIEM, XDR, and more) for analysis to identify malicious activities.
  • Review and coordinate day-to-day SOC activities with other team members.
  • Track status and progress of tasks, initiatives and projects.
  • Mentor other SOC team members in daily activities.
  • Develop new processes, operational procedures, and enhance playbook workflows.
  • Participate in our on-call rotation including off business hours.
  • Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
  • Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
  • Conduct incident investigations using security tools and solutions (SIEM, XDR, firewalls, …).

Desired Skills

  • CISSP, ECSA, CHFI, or CASP

  • 10+ years of relevant experience performing investigation activities for security-related events in a complex incident management or Security Operations Center environment.

  • Strong written and verbal communication, presentation and technical writing skills, coupled with a keen interest in furthering your Cybersecurity skills.

  • Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK, SOC2, and ISO 27001.

  • Experience with security and regulatory audits.

  • Previous experience implementing SIEM/SOC, and incident/breach scenario analysis.

  • Experience creating and fine-tuning SIEM use cases.

  • Experience with Zero Trust security principles.

  • Security monitoring experience with cybersecurity and SIEM technologies.

  • Experience building SOC processes, playbooks, correlation rules, and incident reports.

  • Experience with threat hunting and security incident investigation.

  • Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.

  • Knowledge of security incident investigation, working with in-house and vendor teams to research, identify and report on incidents.

  • Knowledge of security incident management, malware analysis and vulnerability management processes.

  • Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies.

  • Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.

  • Threat collection, analysis and management, and situational awareness.

  • Experience with the security logging and monitoring of cloud environments.

  • Experience with onboarding and monitoring cloud environments into SIEM.

Consultant Details

Folusho Olaniyan
  • Delivery Consultant | Technology Recruitment
  • +1 437 688 3016
  • folaniyan@morganmckinley.com