Security Engineer

Hire DigITalent
Toronto, ON
Full-time
Experienced
Posted 26 days ago

Our client is looking to augment their team with a contract Senior Cybersecurity Specialist. This is a hands-on engineering role requiring the ideal candidate to bring experience in the design, configuration, deployment and operation of the Microsoft Sentinel Security Information and Event Management (SIEM) platform. This is a 12-month contract with 3 days on-site in downtown Toronto.

Key Capabilities & Responsibilities:

  • Lead the log onboarding and integration process for Microsoft Sentinel SIEM, ensuring successful integration of various log sources onto the SIEM, including the development of custom use cases where required.
  • Maintain and administer security monitoring and alerting systems and processes, ensuring ongoing visibility into the security of the organization.
  • Continuously improve the efficiency of threat detection, alerting and response through use case development, tuning and automation.
  • Configure and monitor the SIEM platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services.
  • Utilize scripting languages, including PowerShell, Python, and KQL, to automate tasks and enhance system functionality.
  • Develop advanced Sentinel queries (KQL) and workbooks, including Logic App and Function App development.
  • Create and maintain system documentation for security event processing.
  • Expand the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in threat landscape, root causes from security incident response, or output from security analytics.
  • Assist in the incident response processes to contain, remediate, and recover from security incidents.
  • Maximize security tools to continuously improve the detection, prevention, and analysis of security incidents.
  • Maintain, administer, and integrate threat detection and remediation capabilities into security operations to address emergent cyber threats to the company's products, services, data, and infrastructure.
  • Maintain and administer the day-to-day activities of the Microsoft Sentinel SIEM, including: SIEM platform operations, log integration, use cases and use case tuning, logging and monitoring, log analysis and correlation, security orchestration (SOAR), runbooks for critical incident types, security monitoring / User and Entity Behavior Analytics (UEBA), and security incident response and remediation.
  • Actively analyze external threat sources as leading indicators of attacker activity and contribute to the broader defense-sharing network.
  • Partner with Architecture, Engineering and Application Development teams to establish and maintain comprehensive visibility into potential risk events across a large scale cloud environment.
  • Develop the integration and automation strategy around multiple automation (SOAR) toolsets.
  • Create and maintain operational policies and procedures including playbooks and runbooks.
  • Partner with the Risk Management team to define Key Risk Indicators and automated dashboards presenting risks and KPIs.
  • Hands-on configuration experience.
  • Manage and maintain the integration of threat intelligence feeds into the SIEM to enhance detection capabilities.
  • Ensure the SIEM platform supports compliance reporting requirements relevant to our industry (e.g., NIST SP 800-53, NIST CSF, CSA CCM).
  • Provide training to other team members and stakeholders on the usage, benefits, and outputs of the SIEM system.
  • Experience with cloud security and integrating cloud logs into the SIEM.
  • Experience with EDR solutions is an asset.

Qualifications & Skills:

  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
  • 5+ years of IT experience, with a minimum of 3 years of hands-on experience deploying, configuring, and troubleshooting Microsoft Sentinel SIEM and Microsoft Defender.
  • An understanding of threat detection and response is critical, including the ability to create, manage, and investigate alerts, understanding security threats, anomalies, and breach patterns.
  • Hands-on experience in KQL, developing use cases in Microsoft Sentinel.
  • Experience in Function App and/or Logic App development.
  • Strong foundation in core cloud technologies and services.
  • Relevant professional certifications in Cloud (AWS, GCP, Microsoft Azure, e.g. SC-100: Microsoft Cybersecurity Architect) and IT Security (Security+, CISSP, CCSP) are highly desirable.
  • Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment.
  • Knowledge of the Financial Services industry is a definite asset.
  • Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors.

Thank you for your interest.