Senior Security Analyst required to monitor and defend against cybersecurity incidents and identify, analyze and contain incidents as they occur. (2025-02

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Contract job

  • Starting date : 1 position to fill as soon as possible

Our GTA-based Municipal Government client requires the services of a Senior Security Analyst to monitor and defend against cybersecurity incidents and identify, analyze and contain incidents as they occur.


ROLE:


  • Works in partnership with the Managed Security Services Provider (MSSP) to correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify and respond to patterns of anomalous activity, fine tune SIEM alerts, WAF and DLP policies
  • Supports cyber incident response actions to ensure proper assessment, containment, mitigation and documentation and builds and tests cyber scenario specific playbooks for various scenarios such as Attrition, Integrity related scenarios such as compromised database, Unavailability of systems caused by DDOS, Web defacement, Malware etc.
  • Works in partnership with other IT teams and external entities in the operation of Client’s SOC on time sensitive and critical investigations by providing SME support and contributing to large and small scale cyber security breaches.
  • Manage the security monitoring onboarding process to ensure adequate coverage and effectiveness of all new and existing cloud and premise based applications, services and platforms
  • Define baseline security monitoring requirements for all existing and new projects, services and applications joining the Client network and facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting.
  • Drives the end-to-end vulnerability lifecycle from discovery to closure (i.e. identification, Evaluation, Remediation and Reporting)
  • Work to create, build and fine tune email security tools in order to minimize phishing
  • Identifies operational and tactical cyber intelligence processes and technologies to improve security operations and support efforts to prepare to prioritize patching in vulnerability management, provide input for threat hunting, monitor, detect, analyze, contain, remediate, and recover from security incidents


MUST HAVE:


  • Bachelors in Computer Science, Information Security, Cybersecurity or a related field
  • Minimum 8 years of progressive experience in computing and information security, including experience with security technology and remediation of Security Incidents
  • Any one of the following certifications is required:
    o Certified Information Systems Security Professional (CISSP)
    o Certified Information Security Manager (CISM)
    o Systems Security Certified Practitioner (SSCP)
    o CompTIA Security+


  • Deliver expert level technical capabilities and guidance for Incident Response, Vulnerability and Patch management
  • Creating, Modifying, and Updating Security Information Event Management (SIEM)
  • Sound understanding of the MITRE ATT&CK Framework and the ability to schedule reports on SIEM and EDR for each technique under MITRE
  • Triaging security events related to malware, security log analysis (SIEM), EDR/MDR/NDR Tools, vulnerability and patch management, and the Incident Response (IR) process
  • Real time response and Remote system controls on EDRs to preserve forensics evidence and aid in Incident response
  • Experience in creating and tuning rules on Advanced Phishing tools
  • Good understanding of Operating Systems vulnerabilities and network infrastructure


NICE TO HAVE:


5+ years of experience with regulatory compliance and information security management frameworks (such as International Organization for Standardization [ISO] 27000, National Institute of Standards and Technology [NIST], International Electrotechnical Commission [IEC] 62443 / International Society of Automation [ISA] 99), MITRE ATT&CK

