Expert, Security Operation Center

At CN, we work together to move our company and North America forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion.

From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks.

You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM.

The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The role of the Expert, Security Operation Center is to provide technical leadership for the Security Operations Center team in protecting the integrity and confidentiality of CN information assets while enabling business functionality in all systems and environments, by supporting applicable security solutions.

As a subject matter expert, the individual oversees development and collaborates with various relevant teams. The individual provides technical assessments and recommendations to surfacing issues and for new projects.

As part of a Security Operations Center team and according with CN's workforce strategy, the Expert will interact and help shape permanent employees and a variable number of consultants depending on on-going projects and initiatives.

Some of the projects the Expert will work on will be unchartered territory, and will need to be built from the ground up - it takes vision and an innovative mind-set to make that happen.

The Expert needs to be enthusiastic, driven, conscientious, and accountable and a natural leader as well, with the ability to foster these values within the department.

Main Responsibilities

Operation Support - 25%

• Lead the team by providing technical guidance and methodology with regards to the security practice.
• Interface and guide product managers, project managers (PMs) and architecture in order to align corporate priorities within the team.
• With a constant attention to OPEX / CAPEX costs, ensure solutions are in line with business expectations and CN's vision
• Contribute to process improvement and elaboration.
• Contribute to RFPs & RCA's
• Participate collecting, assessing, and cataloging threat indicators

Practice Evolution - 45%

• Enable the Continuous Service Improvement lifecycle which includes :
• Reporting and Report Generation for various internal audiences
• Conduct regular interactions with Governance
• Enable the Security Management Lifecycle
• Oversee process improvements, and drive implementation of new capabilities to enhance defense and response of CN systems and networks
• High quality standards must be developed and applied to in order to reduce impact on operations, reduce TCO (Total Cost of Ownership).
• Provide information security risk analysis and strategic recommendations for the ongoing improvement of the security posture of corporate networks, systems and services.
• Develop comprehensive security write-ups and presentations, which describe security issues, analysis, and remediation techniques to company leadership
• Act as liaison between different departments providing guidance
• Provide targeted training and workshops to various teams on a regular basis

Delivery - 30%

Oversee development of new security operations literature for use across CN information security functions by SOC team members.

Maintain knowledge of the threat landscape

Implement a proven testing methodology using industry-leading tactics and techniques.

Adapt information security approaches to target real-world enterprise challenges

Organizational Impact

Decision Making & Impacts

Priority setting

Design evaluation

Quality assessment

Process optimization

Project Delivery Analysis

Designs / solutions will service many business and corporate operation functions which requires being optimal, efficient, available and sustainable

Implementation will need to be completed with efficiency, consistency and good planning in order to avoid network interruption, to ensure standardization and quality

Documentation will need to deliver accuracy, quality and proper content to meet decision-making and sustainability requirements

Level of Interaction / Influence

The Expert plays a focal role in the communication of technical aspects and orientations within his own group and between multiple disciples interacting with his groups.

Employees Supervised / Org Structure

Individual Contributor

Requirements

Education / Certification / Designation

• Master's Degree in Computer Science or related field OR equivalent work experience
• Certifications :

GCFA (Advanced Incident Response, Threat Hunting and Digital Forensics)

GCED (GIAC Certified Enterprise Defender)

CISSP (Certified Information Systems Security Professional)

GCIH (GIAC Certified Incident Handler)

CISM (Certified Information Systems Manager)

GEVA (GIAC Enterprise Vulnerability Assessor)

CRISC (Certified in Risk and Information Systems Control)

Skills / Knowledge

Technical Background :

• Expert knowledge of common network and application stack protocols, including but not limited to TCP / IP, SMTP, DNS, TLS, XML, HTTP, etc.
• Expert knowledge of policies, procedures, and protocols in use by the CN Security Operations Center
• Solid technical skills and knowledge around infrastructure based (Windows, Unix, Network, OT, and Cloud).
• Good analytical skills - able to review findings and determine criticality based on infrastructure configurations and security stack.
• Knowledge of network technologies - Firewalls, routers, switches
• Operational experience working in Security and / or networks and other general IT functions
• Understanding of key security concepts and analytical techniques.

Leadership Skills

• Engages and inspires passion - motivates people
• Ability to coach people
• Tactful and exercises good judgment
• Operational and results focus
• Professional customer orientation
• Solid problem-solving skills
• Process driven and able to turn strategy into tactical actionable tasks.
• Creativity and strong analytic skills
• Ability to analyze problems quickly and accurately and adopt effective courses of action
• Project delivery skills (solid understanding of Project Management or equivalent experience)
• Strong interpersonal skills to interact positively and productively with teams across organizational lines, including administrative / executive staff
• Strong communication skills with demonstrated ability to communicate with technical and non-technical staff.
• Proven ability to work in a complex, fast-paced, and rapidly changing operations environment

For the End Point Protection Expert role

• Expert knowledge in overseeing the health, performance, stabilization, tuning and ongoing planning of the Endpoint protection infrastructure (HW & SW).
• Providing expert guidance to various teams to ensure successful deployments of Endpoint protection tools.
• Strong background implementing and supporting endpoint security technologies such as EDR, AV, local firewalls, encryption, VPN and proxy;
• Ability to lead various teams in implementing detection controls to protect against cyber security threats in as near real-time as possible.
• Proven track record in developing and frequently testing response plans and breach scenarios ensuring to ensure containment.
• In depth understanding of relevant IT networks, security standards, authentication protocols, and security related hardware and software within the organisation is vital.

Experience

7-10 years Security industry experience including a minimum of 5 years of experience demonstrating technical leadership qualities and / or overseeing deliverables

Demonstrated experience building and managing systems and programs.

Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.

Demonstrated ability to lead the development of specific proactive procedures for the detection of security breaches across a large enterprise network

Detailed knowledge of security assessment methodology and risk management process.

Assets

• Familiarity with audit support and response, and regulatory compliance (Sarbanes-Oxley and PCI-DSS)
• ITIL Certification

Working Conditions

This role may require occasional business travel in accordance with CN policy for meetings

CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year.

As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919.

CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.

For internal candidates, note that the grade level of the position will depend on the employee's experience.

At CN, we are dedicated to building North America's safest, most inclusive and sustainable railroad, which includes reflecting the communities in which we operate.

Research shows that candidates from underrepresented groups often don't apply unless they feel they fit the job posting at 100%.

Even if you don't see yourself in every job requirement listed in a posting, we still encourage you to apply. If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please reach out to our team at [email protected].

As an equal employment opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and other protected status as required by applicable law.

We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.