TEEMA
Vancouver, BC
Job Title: Intrusion Response Analyst
Job ID: CV647196426
Location: Vancouver, BC

Overview:
Our client is currently searching for an Intrusion Response Analyst to join their amazing team. You will be working on these 6 primary dimensions: Forensic Incident Response, Threat Emulation, Threat Intelligence, Threat Hunting, Training/Security Awareness and CSIRT Continuous Process Improvement.

What you will be doing:

Forensic Incident Response
- As the Tier-3 specialist, undertake a detailed investigation of technical incident responses and host-based forensic scanning.
- Perform end-to-end incident response assessments for transactional security incidents.
- Participate in an on-call rotation to provide after-hours support for issues and high severity incidents.
- Conduct digital forensic investigations in the GCP and Azure cloud environments.
- Participate in threat emulation, red-teaming or purple-teaming initiatives and documentation.
- Evaluate the efficacy of security systems, incident response process, and mitigations.
- Identify gaps in access points, tools, incident response data set, and processes.
- Develop improvements and address gaps within defenses by continuously updating system workflows and processes as needed.
- Actively conduct research into any risks and threats required in the concept, design, and recommendation of appropriate countermeasures.
- Ensure threat intelligence research is thoroughly catalogued and relevant via threat summary and issues reporting.
- Provide and share IOCs from research to external parties such as the Mining & Metals ISAC (MM-ISAC) and Canadian Cyber Incident Response Center.
- Participate in proactive intelligence-initiated threat hunting initiatives.
- Develop repeatable process
- Analyze enterprise data set for indicators of compromise.
- Report, advance and remediate anomalous events.
- Advocate for increased cyber security where required for the safe operation of the business.
- Develop security training materials, plan, and deliver internal security training.
- Participate in the creation, improvement, and updating of CSIRT processes.
- Develop custom CSIRT tools, scripts and integrations that provide automation to tasks and increase IR capabilities.
- Other security team tasks and projects as assigned.
- 5+ years of demonstrated experience in cyber security, specifically host-based intrusion scanning, digital forensics and threat analysis
- 2-3 years of experience conducting cyber security research including threat analysis and intelligence
- At least 1 year with cloud platforms such as Azure (preferred) or GCP
- Strong report writing and presentation skills would be helpful