Intrusion Response Analyst

Vancouver, BC
Full-time
Entry Level
Job Title: Intrusion Response Analyst
Job ID: CV647196426
Location: Vancouver, BC
Overview:
Our client is currently searching for an Intrusion Response Analyst to join their amazing team. You will be working on these 6 primary dimensions: Forensic Incident Response, Threat Emulation, Threat Intelligence, Threat Hunting, Training/Security Awareness and CSIRT Continuous Process Improvement.
What you will be doing:
Forensic Incident Response
  • As the Tier-3 specialist, undertake a detailed investigation of technical incident responses and host-based forensic scanning.
  • Perform end-to-end, incident response assessments for transactional security incidents.
  • Participate in an on-call rotation to provide after-hours support for issues and high severity incidents.
  • Conduct digital forensic investigations in the GCP and Azure cloud environments.
Threat Emulation
  • Participate in threat emulation, red-teaming or purple-teaming initiatives and documentation.
  • Evaluate the efficacy of security systems, incident response process, and mitigations.
  • Identify gaps in access points, tools, incident response data set, and processes.
  • Develop improvements and address gaps within defenses by continuously updating system workflows and processes as needed.
Threat Intelligence
  • Actively conduct research into any risks and threats required in the concept, design, and recommendation of appropriate countermeasures.
  • Ensure threat intelligence research is thoroughly catalogued and relevant via threat summary and issues reporting.
  • Provide and share IOCs from research to external parties such as the Mining & Metals ISAC (MM-ISAC) and Canadian Cyber Incident Response Center.
Threat Hunting
  • Participate in proactive intelligence-initiated threat hunting initiatives.
  • Develop repeatable process
  • Analyze enterprise data set for indicators of compromise.
  • Report, advance and remediate anomalous events.
Training/Security Awareness
  • Advocate for increased cyber security where required for the safe operation of the business.
  • Develop security training materials, plan, and deliver internal security training.
CSIRT Continuous Process Improvement
  • Participate in the creation, improvement, and updating of CSIRT processes.
  • Develop custom CSIRT tools, scripts and integrations that provide automation to tasks and increase IR capabilities.
  • Other security team tasks and projects as assigned.
What you must have:
  • 5+ years of demonstrated experience in cyber security, specifically host-based intrusion scanning, digital forensics and threat analysis
  • 2-3 years of experience conducting cyber security research including threat analysis and intelligence
  • At least 1 year with cloud platforms such as Azure (preferred) or GCP
  • Strong report writing and presentation skills would be helpful
For more information about TEEMA and to consider other career opportunities, please visit our website at www.teemagroup.com

Applying to TEEMA on any job portal implies you are entering into a business relationship with us and therefore grants TEEMA consent to send you further job updates or industry and company-related information.