Cybersecurity Operations Analyst

Thales Canada
Fredericton, NB
$100K-$140K a year (estimated)
Full-time

Location : Canada Remote, Canada

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other.

In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrows possible.

Position Summary

This position is located in Fredericton N.B. It will first start as remote and then shift to hybrid once our new facility is up and running.

Thales requires a Cybersecurity Operations Analyst to be responsible for the prevention of Cybersecurity incidents by real-time monitoring, detection, and analysis of potential intrusions.

This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events.

The position operates and tunes security tools, provides requirements for new security capabilities, and creates use cases for monitoring.

In addition, the position creates and follows up on incident reports, and creates daily, weekly, and monthly reporting metrics.

The Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform in-depth analysis of evidence, identify malicious operations, and evaluate the real impact so that incidents are resolved quickly and efficiently.

This is a key role when it comes to onboarding new customers, maintaining the CSOC's infrastructure and continuous improvement.

Essential Functions / Key Areas of Responsibility

The analyst must have work experience in a Security Operation Centre (SOC) environment. Expertise in using and managing SIEM, EDR, log and network analysis, network security (Firewall, WAF, IDS / IPS), and infrastructure is vital for this role.

  • Monitor, analyze and report possible cyber-attacks or intrusions, and anomalous or misuse activities.
  • Leverage a variety of Cybersecurity tools (SIEM, EDR, and Sandbox) for analysis to identify malicious activity.
  • Create queries / rules for specific searches, reports, and alerts on SIEM. Contribute to updating and tuning correlation rules and security use cases. Contribute to improving alert classification to minimize false positives.

  • Follow incident response process, document, and escalate security incidents. Stay up to date with security incidents until closure.
  • Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), gather indicator of compromise (IOC) and any relevant information.
  • Conduct research, analysis and correlate gathered data from various sources to gain situational awareness and determine the impact of the incident.
  • Coordinate with other teams (IT Security, network, system administrators, and end-user) to validate alerts or activities.
  • Provide daily summary reports of Cybersecurity incidents, operation statistics of monitoring tools, and latest Cybersecurity related news.
  • Perform trend analysis and develop metrics and reports on intelligence and incidents for management.
  • Contribute to the creation and update of Security Operation and incident response best practices and processes.
  • Contribute with first responder actions, triaging and containing breaches.
  • Assist in secure collection of artifacts, analyze for malicious behavior, and carry out analysis to determine the root cause of events.
  • Participate in threat-hunting activities, looking for anomalies. Ingest, analyze, and contextualize data and turn that into intelligence for threat assessment and risk management.
  • Research the latest known Cybersecurity incidents, gather IOCs and any relevant data to use with threat-hunting activities.
  • Provide advice on configuration of network security devices for service and security enhancement.
  • Support customer onboarding projects to ensure a successful transition to CSOC for security monitoring services.

Minimum Requirements : Skills, Experience, Education, Technical / Specialized Knowledge, Certifications, Language

  • Minimum of 3 years of relevant experience in System or Network Architecture and Administration, or Security Analysts, Security Operations Center (SOC), or Incident Responder, Computer Emergency Response Team (CERT).
  • Currently holding one or more Cybersecurity industry recognized certifications from : (ISACA, ISC2, GIAC SANS, CompTIA Security+ or higher, Offensive-Security).
  • Knowledgeable with NIST Cybersecurity Framework (CSF), MITRE ATT&CK.
  • Experience in building and updating SOC processes, Playbooks, Correlation rules, and Incident report.
  • Alert triage, malware analysis, sandboxing, basic decoding and scripting.
  • Must have at least or greater : Splunk (Core Certified Power User) certification, IBM Qradar, Azure Sentinel (SC-200) and other SIEM certification is a plus.

Preferred Qualifications

  • Bachelor's degree in engineering, computer science, cybersecurity, related IT field or equivalent experience.
  • Experience working in a SOC environment (Internal or MSSP).
  • Experience monitoring enterprise environment. Operation Technology (OT) or ICS is a plus.
  • Strong understanding of security incident management, malware analysis and vulnerability management processes.
  • Security monitoring experience with one or more Cybersecurity and SIEM technologies - IBM QRadar, Splunk, Microsoft Sentinel, intrusion detection and prevention (IDS / IPS), Endpoint detection and response (EDR), Data Loss Prevention (DLP), and threat intelligence platform (TIP).
  • Experience with SOAR platform : xSOAR, IBM Resilient, TheHive and Cortex.
  • Strong written communication and presentation skills.
  • Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
  • Experienced in scripting, automation, Cloud infrastructure and Cloud security monitoring is a plus.
  • Vendor specific training and certifications is a plus : IBM QRadar, Splunk, Palo Alto, Demisto, FireEye, Cisco, Microsoft Azure, Amazon (AWS).
  • Must be analytical with detail-oriented analysis and great documentation skills.

Regulatory Compliance Requirements :

Please review values for Canada and USA, selecting ALL that apply :

Canada role

None

Access to Trade Controlled Items

[x] Access to Controlled Goods

[x] Security Clearance

Describe Specific need :

This role will only have read-only access to system alerts, logs, and monitoring system. This role will also require Controlled Goods Access and Reliability Clearance at a minimum.

Ideally candidates will be eligible for NATO Secret Clearance as well.

Special Position Requirements

Schedule : 40 hrs. per week, schedule can rotate between teams. Service coverage is between 7 AM - 8 PM EST.

Physical Environment : Remote to start, hybrid once the facility is built.

Travel : Only if necessary.

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process.

Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview.

We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.

This position requires direct or indirect access to hardware, software or technical information controlled under the Canadian Export Control List, the Canadian Controlled Goods Program, the Canadian Industrial Security Program, the US International Traffic in Arms Regulations (ITAR) and / or the US Export Administration Regulations (EAR).

All applicants must be eligible or able to obtain authorization for such access including eligibility to the Canadian Controlled Goods Program and able to obtain a Canadian Enhanced Reliability security clearance.

30+ days ago