Responsibilities:
- Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.
- Acknowledge tickets in ITSM according to defined service level agreements.
- Perform security event triage and validate potential threats following standard processes and procedures.
- Analyze, contextualize, and monitor security alerts from various advanced security platforms.
- Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."
- Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.
- Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.
- Diagnose events using identification playbooks to discern false positives or duplicates.
- Execute daily tasks, including ticket review, effective investigation of security events, communication of findings, and escalation of concerns to senior staff and/or the SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).
- Identify and prioritize incidents based on organizational impact or threat severity.
Qualifications:
- 2+ years of experience in a SOC environment in one or more of the following areas: incident detection and response, remediation, malware analysis, or incident response / forensics.
- Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies, creating and running queries, and performing analytics, examination of logs and console events.
- Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies
- Experience in Web Application Firewalls and API security
- Knowledge or experience in cloud security (Azure)
- Good understanding of the SANS and MITRE ATT&CK frameworks.
- Any relevant industry certifications, such as CISSP, CISM, SANS, CISA, CompTIA Security+, CompTIA CySA+, or GIAC, are an asset.
- Strong understanding of business processes and ability to manage change/adhere to change management processes.
- Great communication skills.
- Knowledge or experience in cloud security (GCP or AWS)
- Experience in malware analysis and reverse engineering