Sr. Cyber Security Defense Analyst (GCS)
RBC - Royal BankVancouver, BCJob Summary
Job Description
What is the Opportunity?
RBC Defensive Threat Operations (DTO) team is seeking an experienced Sr. Cyber Security Defense Analyst with demonstrated competence and thought leadership capability to contribute toward the success of our Cyber Resiliency initiatives. Under the direction of the Director of Correlation Engineering, the Senior Cyber Security Defense Analyst is responsible for maintaining the RBC Security Information Event Management (SIEM) platform.
What will you do?
The Cyber Security Defense Analyst is a hands-on technologist who is an expert in the use of the technologies that comprise the RBC SIEM platform, and creates and tunes the SIEM rules to adjust the specifications of alerts and security incidents. The scope of this position is RBC Enterprise-wide and requires a very good understanding of the security controls RBC uses and how they provide value to the business.
The incumbent will work closely with other members of the Global Cyber Security teams in ensuring that the security posture of RBC is maintained and take a proactive approach in continually assessing the effectiveness and efficiency of the SIEM platform.
Essential Functions :
Serve as a Subject Matter Expert (SME) for the SIEM platform
Develops and implements effective correlation rules
Tunes SIEM components to ensure maximum reliability and reduce false positives
Review security context alerts and log sources
Essential Capabilities :
Ability to relate to non-technical users in user-friendly language
Ability to understand or learn the technical implications of security threats
Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
What do you need to succeed?
Must-have :
Bachelor of Science in a technology-related discipline or 3 years of relevant experience
3-5 years of experience in a role dedicated to the configuration, maintenance and administration of SIEM Platform (Splunk, Sumo Logic, Azure Sentinel, QRadar)
Significant experience with and working knowledge of Syslog
Practical experience with Python
Significant experience with and expertise in creating event correlation logic and rules
Significant experience and expertise in using SIEM for searching and correlating events
Possess excellent troubleshooting, problem-solving, and verbal / written communication skills
Ability to manage critical situations, and maintain solid relationships with colleagues
Nice-to-have :
Certified SIEM certification
Certified Information Systems Security Profession
What's in it for you?
We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
Leaders who support your development through coaching and managing opportunities
Ability to make a difference and lasting impact
Work in a dynamic, collaborative, progressive, and high-performing team
A world-class training program in financial services
Flexible work / life balance options
LI-Hybrid
LI-POST
TECHCPJ
Job Skills
Decision Making, Group Problem Solving, Identity Access Management (IAM), Information Security, Information Technology Security, IT Systems Integration, Negotiation, Security Controls, Security Information, Security Information and Event Management (SIEM), SIEM Tools, Software Development, Software Development Life Cycle (SDLC), Strategic Objectives