Reporting to the Manager of IT Security, the Security Operations Analyst (SOA), as part of a team, will support ICBC's cybersecurity functions (detection, monitoring and response) and become a technical and cybersecurity leader.
You will work closely with ICBC's Information Risk Management, Platform teams, Application teams and a Managed Security Operations Center.
The SOA is responsible for delivery and continuous improvement of IT cybersecurity functions using ITIL principles and alignment to ISO 27000 controls.
Your responsibilities will include:
- Identifying, triaging and investigating cybersecurity events and incidents end-to-end, including response, escalation, and resolution with end users.
- Working independently and collaboratively with IT teams to proactively recognize any potential intrusion attempt and compromises through correlation analysis of relevant IOCs, event details and threat intelligence sources.
- Providing mitigation and remediation support in response to identified cyber threats.
- Actively contributing to the development of Security Operations Center (SOC) architecture, standards, methodologies, techniques, processes, and technical playbooks.
- Effectively using and improving SOC technologies (network data, endpoint and application) and SOC automation.
- Actively enhancing detection rules and the technical capabilities of the SOC toolkit to optimize and tune alerts and to minimize false positives, correlation issues, and parsing issues.
- Providing oversight to the compliance of ICBC systems with respect to vulnerabilities and patching.
- Continuously contributing to and improving IT cybersecurity metrics and reports.
- Acting as the first point of contact for external and internal stakeholders (business, IT teams, security service providers) and earning their trust and credibility.
The successful candidate will have two (2) years' experience in a large, complex IT environment, with a preference for at least one (1) year in cybersecurity (in a Security Operations Center).
Demonstrated continuous education and/or completion of relevant cybersecurity certifications is desirable but not required.
The candidate will bring demonstrated solid knowledge, strong skills, and practical experience in:
- Various incident response stages, controls, processes, procedures, and playbooks.
- The MITRE ATT&CK and Cyber Kill Chain frameworks, and applying their tactics, techniques and procedures in a dynamic IT environment.
- SIEM, SOAR, UEBA and EDR technologies, vulnerability management tools and network monitoring applications.
- Analyzing and interpreting technical logs and data to identify event or incident root cause(s).
- File and host investigation techniques.
- Cybersecurity and privacy principles and risks, preferably in relation to the NIST framework and CIS controls.
- Communicating effectively, explaining, and documenting technical details clearly and concisely.
- Troubleshooting and applying analytical thinking skills.
- Staying on top of the latest cybersecurity research and cyberattacks.
- Scripting or programming languages such as Python, PowerShell, Bash, SQL, etc. would be desirable.
- Basic network protocols, network layers and the potential attacks occurring at different levels of the network stack would be an advantage.