Cover for Irving Oil
Irving Oil3.3
Cybersecurity Incident Response Specialist
Saint John
CA$56k - CA$90k (Glassdoor est.)
Apply Now
Job

What you can expect in a typical day:

If you’re interested in a career in cybersecurity, joining our growing team of cybersecurity experts could be the opportunity you are looking for. As our Cybersecurity Analyst Incident Response you will work with cross-functional teams to deal with cybersecurity incidents at a high technical level and be capable of identifying threats and threat vectors that cause security events. You will do direct monitoring and also work closely with our Level 1 incident response function that monitors security alerts and action escalated events. You will create and maintain standard operating procedures as well as other documentation and assist in IT security investigations, exercises, and tests. Approximately 25% of your time will be spent reviewing and responding to users’ emails.

What you’ll need to succeed

  • Perform all steps of cyber incident response at a high level and tactical level, including but not limited to digital forensics and investigations to identify threats and threat vectors that cause security events, using modern local and remote forensics tools.

  • Applying incident response lessons learned to improve security program.

  • Use a variety of industry standard tools and technologies to detect potential threats, build and maintain security incident response program.

  • Be familiar with ingesting and applying threat intelligence for practical defense.

  • Conduct threat risk assessments, develop and recommend risk mitigation changes, and lead related cross-functional team implementation efforts.

  • Use OSINT techniques to determine potential threats and attack vectors.

  • Propose recommendations to reduce cyber threat landscape, potential threats through OSINT.

  • Scope environments for multiple forms of IOCs.

  • Understand and assist with applying strategic changes from adversary TTPs.

  • Be familiar with applying MITRE ATT&CK Enterprise and ICS frameworks for proactive defense.

  • Participate and execute tabletop exercises with IT and ICS/OT stakeholders.

  • Perform business context analysis on escalated security events to determine steps for handling events of interest vs. actual incidents that could impact the business and operations.

  • Monitor and tune security alerts across a defence in depth architecture and cloud environments.

  • Direct hands-on experience with modern SIEMs such as Splunk, QRadar, etc.

  • Comfortable with building and/or modifying SIEM use cases and alert rules.

Professional skills

  • Deploy cyber defence mindset while achieving positive operational technology control outcomes.

  • Strong knowledge of network security architecture, common network protocols and services for Windows and Linux environments.

  • Able to take ownership of and solve routine daily problems and issues that arise.

  • Ability to build rapport and positive relationships with cross-functional teams, key stakeholders.

  • Able to communicate technical information in a non-technical way.

  • Ability to thrive in a high-pressure environment and meet tight deadlines.

  • Proven ability to work cooperatively within a team as well as take responsibility for own work.

  • Customer service mindset.

  • Strong organizational, time management, and prioritization skills.

Education and experience

  • 5-10 years’ experience in cybersecurity.

  • Post-secondary education in Computer Science, Information Technology, Information Systems, Networking, related fields, or equivalent experience.

  • Certifications: Security+, GCIA, GCFA, GCIH, GCIA, CEH or equivalent work experience.

  • Subject matter expert for SIEM, SOC, digital forensics and cyber intrusion investigations.

  • Experience working in a security incident response program, in all steps of incident response.

  • Experience gathering and actioning threat intelligence to remain current on any new threats.

  • Knowledge of applying MITRE ATT&CK, hunting using ATT&CK would be an asset.

  • Experience exercising cross-company response to cyber threat.

  • Knowledge of ICS (Industrial Control Systems / Operational Technology) and industrial safety an asset.

Irving Oil supports a diverse and inclusive work environment and welcomes applications from all qualified applicants.

Job Requirements - Work Experience

Information Technology

Job Requirements - Education

Bachelors: Information Technology

Location

Saint John, NB
Show more
Get alerts to jobs like this, to your inbox.

Suggested Searches