Lead, Security Technologist

Sommaire de la compagnie

Venez travailler pour une entreprise qui est engagée dans la réussite de chacun de ses employés. C’est un milieu de travail où les innovateurs et les collaborateurs se rencontrent et tirent parti des talents de chacun. Un endroit où la diversité est accueillie et célébrée.

FCT offre la meilleure assurance titres de l’industrie et fournit des solutions de recouvrement et d’autres produits et services aux professionnels juridiques, du crédit, de l’évaluation et de l’immobilier partout au Canada. Chez FCT, vous aurez l’occasion de bâtir une carrière intéressante. Joignez-vous à nous pour nous aider à poursuivre notre travail excitant et à exercer une grande influence sur nos collègues, nos clients et les collectivités.

Sommaire du poste

Nous sommes toujours à la recherche d’excellents talents; de personnes qui font preuve d’engagement profond envers la clientèle et le marché que nous desservons. Si vous désirez vous joindre à une entreprise qui s'est engagée envers le succès de chacun de ses employés et qui offre des défis, des objectifs et des occasions de croître, tant au niveau personnel que professionnel, dans un environnement axé sur le travail d'équipe, vous aimerez travailler avec nous! Nous comprenons que la promotion d’un environnement diversifié et inclusif est essentielle au succès de nos activités, et nous y travaillons activement chaque jour.

As a Security Technologist Lead, you will play a pivotal role in enhancing our security posture across both on-premises and cloud environments, ensuring we maximize the effectiveness of our existing technologies. A key aspect of this role will be creating a log onboarding strategy to identify security logs of interest and develop methods to integrate these logs into our SIEM, centralizing logging efforts. This involves identifying new logs by analyzing various sources, determining their relevance to security monitoring, and ensuring their effective integration into the SIEM.

This role will be pivotal in developing new use case detections and alerts to enhance visibility against emerging and sophisticated threats. By leveraging technologies such as SOAR, you will automate playbooks and streamline our security operations, significantly reducing the time to detect and respond to incidents. This will enable our teams to focus on higher-value tasks and strategic initiatives.

The successful candidate must be able to interpret complex security information, adapting to evolving threats, implementing controls to mitigate risks and develop alerting mechanism and provide effective countermeasures.

Additionally, you will support the Security Operations team in building and enhancing cloud detection capabilities, aligning with FCT’s cloud-first strategy. This includes developing and implementing cloud-specific use cases and alerts to detect and respond to threats within cloud environments.

HERE’S HOW YOU’LL CONTRIBUTE:

• Develop Log Onboarding Strategy by identifying and prioritizing relevant logs in alignment with our detection strategy. This includes scoping, testing, and implementing new SIEM data connectors where required.

• Create and implement SIEM detection rules for complex technical environments. Design custom alert logic based on sophisticated and emerging threats, utilizing XQL (Extended Query Language) for advanced detection patterns.

• Periodically review the use case library, perform attestation on existing use cases, and engage in tuning discussions. Provide recommendations for improvements to adapt to evolving threat landscapes.

• Utilize scripting languages like Python and automation solutions such as SOAR to streamline manual tasks and automate incident response playbooks to reduce mean time to respond and enable teams to focus on high value activities.

• Employ various cybersecurity techniques to assess information systems. Lead security initiatives and assist in enterprise-level projects, implementing security solutions and conducting Proof of Concept for modern technologies.

• Work closely with cross functional teams to integrate security measures and detection capabilities into cloud deployments, ensuring that security is embedded into the design and operational processes.

• Ensure thorough documentation of detection rules and related runbooks and processes for use by the Security Operations team.

• Oversee the management and maintenance of security operations owned platforms, including Palo Alto Cortex XDR, IBM Guardium, Qualys, KnowBe4, and File Integrity Monitoring Solution.

• Update and maintain cybersecurity playbooks, policies, and knowledge base articles that support established Incident Management and SOC processes.

• Work with broader technology teams to contribute to continual service improvements and innovations.

• Support high-severity incident response process as needed, ensuring that alerts and detections are promptly created and that relevant logs are readily available to facilitate thorough investigations.

• Mentor and train security operations analysts in use case detection and alerting, empowering them to enhance their skills and effectiveness in incident response.

HERE’S WHAT YOU’LL BRING:

• 5+ years of relevant cybersecurity experience with demonstrated technical leadership ability in information security and engineering experience in enterprise level security technologies in one or more areas of: Endpoint Protection, Perimeter Security, Email Security, Security Automation and Orchestration, Cloud Security and Vulnerability Management

• In-depth understanding of Security Operations and Security technologies, with previous experience in a SOC environment

• Practical experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.

• Proven experience in configuring and parsing log sources for log centralization and optimizing data analysis for improved threat detection.

• Understanding of common exploitation techniques, MITRE ATT&CK framework and awareness of new threats

• Experience of supporting and developing SIEM platforms in the context of Security Operations Centre.

• Strong understanding of networking principles and extensive knowledge of TCP/IP at the packet level, including protocols and troubleshooting techniques.

• Practical experience in programming and scripting, particularly in PowerShell and Python, enabling task automation and custom solution/API development.

• Hands-on experience working with APIs to facilitate integration between various security tools, enhancing data flow and operational efficiency.

• Familiarity with cloud security best practices and frameworks from major cloud providers to effectively develop and implement security detections in cloud environments.

• Knowledge of broad range of security controls and risk management frameworks and laws such as, but not limited to, Payment Card Industry (PCI), NIST 800-63, ISO27001, OSFI B13 and Integrity & Security Guideline.

• Excellent written and verbal communication skills, crucial for conveying complex technical information clearly and facilitating collaboration.

• Capable of working independently in ambiguous situations while effectively achieving desired outcomes.

• Preferred Certifications: CCSP, CISSP, GIAC-GCED or equivalent security certifications

• A proactive self-starter who adapts quickly in a fast-paced environment, demonstrating a positive attitude and requiring minimal supervision to achieve goals.

Rémunération directe totale :

$106,700 to $130,600

Toute échelle salariale est en dollars canadiens

VOICI CE QUI NOUS DISTINGUE :

Grâce au mentorat, à des outils novateurs et à une variété de programmes qui mobilisent et récompensent les employés, nous donnons à chacun d’eux les moyens d’exceller et d’obtenir des résultats.

• Avantages sociaux complets qui comprennent l’accès au Programme d’aide aux employés et à la famille (PAEF) et à Bien-être Essentiel.

• Un régime d’épargne-retraite collectif assorti d’une cotisation patronale de contrepartie.

• Des congés payés généreux.

• Des modalités de travail hybrides.

• Des occasions de bénévolat rémunéré et des programmes de dons de bienfaisance jumelés.

• Des programmes de reconnaissance des employés assortis de primes de recommandation.

• D’éventuels incitatifs fondés sur le rendement.

• La possibilité de participer à notre régime d’actionnariat.

• Et plus encore!

*

En vous joignant à nous, vous ferez non seulement partie d’une entreprise primée, mais également d’un effectif engagé et habilité à réussir.

Merci d’avoir pris FCT en considération. Nous avons hâte de vous rencontrer.