Specialist, Cyber Security Operations Centre

Confidential - Ontario
new offer (26/04/2024)

job description

Description
Being part of Important Company means becoming part of an iconic Canadian symbol, recently ranked the best airline in North America. Let your career take flight by joining our diverse and vibrant team at the Important Company of passenger aviation.
The Cyber Security Operations Centre Specialist will be working in a fast-paced and innovative environment for one of North America's top airlines. The role is responsible for leading the technical direction of Important Company's cyber monitoring, detection, and response systems. Important Company's cyber security systems are foundational to protecting the data and systems that allow its customers to fly safely. Cyber security threats continue to evolve, and the Cyber Security Operations Centre Specialist role will evolve with them. As a specialist you will be expected to lead the technical direction of cyber security technologies, deploy and configure new cyber security technologies, develop standard operating procedures that will be used by members of the Cyber Security Operations Centre team, inspire and train a team of 7x24 Cyber Security Analysts on preventing, detecting, and responding to security threats, and establish relationships with Important Company service owners to protect their data and systems.
Purpose
Responsible for the security posture of Important Company's technology environment
Responsible for security monitoring, response, and remediation activities of Important Company's technology environment
Responsible for creating opportunities for new and previously unknown avenues for threat intelligence
Functional Accountabilities
Develop and maintain a Security Incident Event Management (SIEM) system for a 7x24 team of cyber security analysts
Develop and maintain detection and response technologies that continuously evolve with the changing cyber threat landscape
Act as an escalation point for tier 1 and 2 cyber security analysts responding to cyber security incidents
Create, support, and maintain all pertinent documentation, including but not limited to root cause analysis, standard operating procedures, incident response plans, and applicable standards for monitoring and security tooling
Automate security-related tasks with a high degree of efficiency, leveraging a SOAR platform
Perform Digital Forensics and Incident Response (DFIR) and threat hunting activities using relevant actor TTPs and IOCs
Monitor compliance with information security policies and procedures
Develop, manage, measure and report on key service-level metrics showcasing the effectiveness of the Cyber Security Operations program
Provide expertise in the definition, selection and implementation of IT Security and Business Continuity related controls to the IT Department
Develop and communicate operational security objectives; inspire, motivate and train team members to follow and achieve organizational security standards
**Responsibilities**:
Lead business and technology analysis efforts for the Cyber Security Operations Centre
Lead requirements and analysis efforts, including translating business requirements
Lead use case creation efforts
Lead planning and monitoring processes for a particular functional area
Define and maintain methods, techniques and calculations for identifying ways to improve security operational processes
Build relationships throughout the organization to enhance and support our focus on safe, secure, and reliable operations
Maintain up-to-date understanding of security threats, countermeasures, security tools and network technologies
**Qualifications**:
Certification in Information Security
Any advanced blue/purple team training
Demonstrated experience (5+ years):
Incident/Major Incident; ITIL process concepts and execution (Incident Management, Problem Management, and Change Management); cyber security incident response; enterprise SIEM technologies (e.g. Sentinel, ArcSight, Splunk, QRadar, LogRhythm); threat intelligence management
Experience with enterprise SOAR technologies such as LogRhythm, LogicHub, Demisto, etc.
Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IPS technologies, proxy technologies, WAF Technologies, mail filtering solutions, antivirus, EDR, Windows and *NIX operating systems
Scripting knowledge in Python and PowerShell
This position requires a high level of availability and flexibility, as shift work will be part of the requirement; this role is part of our 24/7 IT Operations.
Able to communicate effectively and to work collaboratively with all levels of the organization with superior verbal and written skills
Superior customer service and client interfacing skills
Work Experience
7-12 years of IT technology, operations and people leadership experience in a large company
Desired Education
A relevant University degree/technical certification, and/or relevant experience commensurate to the role
Behavioral Competencies
Ability to work effectively under pressure and in rapidly changing environments or uncertain conditions.
Takes responsibility for the results and actively participates in the future direction of the organization
Ability to work cooperatively with others on a team, and to establish and maintain effective business relationships
Ability to maintain a professional and assertive demeanor under challenging situations and possesses confidence to act on critical decisions.
Able to handle multiple tasks in a fast-paced environment.
Working Conditions:
After hours on-call support for escalations
Ability to travel and work effectively with remote teams
Working from home office if not located at core locations
Conditions of:
Mandatory Covid-19 Vaccination Required
Linguistic Requirements
Diversity and Inclusion
Important Company is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees' unique contributions to our company's success.
