Posted:
10/2/2024, 9:49:20 AM
Location(s):
Toronto, Ontario, Canada ⋅ Ontario, Canada
Experience Level(s):
Junior ⋅ Mid Level
Field(s):
IT & Security
Job Description:
The Tier 2 Information Security Analyst is responsible for the first line of security incident response in the client SIEM environment. The core responsibilities include the monitoring of client SIEM alerts in real-time, researching threat information, and escalating legitimate security incidents to the client. This position is also a technical escalation resource for the Tier I Information Security Analysts.
Tier 2 analysts provide further in-depth analysis and focus on incident support and alert handling from Tier 1. They coordinate security monitoring findings with the Threat Intelligence team, vendor partners, and with specific points of contact to obtain a wider analysis of event data and its impact on designated environments.
Tier 2 analysts will utilize various meeting systems and telephone bridges to provide updates on attacks and advise clients on technical countermeasures. Tier 2 analysts will also perform a Root Cause Analysis of an attack. The investigation may continue for an extended period of time beyond the resolution of an incident to gather additional information and coordinate with constituents to determine the event’s extent and severity.
Tier 2 monitoring functions:
Triage: In support of Tier 1 staff OR independently - review, assess and act. May be direct or part of an automated action.
Threshold Monitoring: Actively monitor indicators that are approaching security, service and/or compliance thresholds. Also includes recommendations on the ongoing establishment and adjustment of said thresholds.
Playbooks/Threat Analysis: Execute analysis process as required. Assist in the general maintenance and improvement of the process and/or playbooks.
Active Investigation/Cause Analysis (Who, What, When, Where, How): initiation and follow-through to ensure quality forensic materials are captured. Participate in Root Cause Analysis if required.
Escalation: Maintain the escalation chain integrity and service levels.
Requirements/Experience:
2 – 4 years of relevant experience or equivalent combination of education, certifications, and work experience: undergraduate degree and 1-2 years of relevant experience.
1 – 2 years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools.
Understanding of source code, hex, binary, regular expression, etc.
Experience assisting the development and maintenance of tools, procedures, and documentation.
Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
Experience with reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs).
Experience using SIEM tools, ticketing systems, and performing cyber threat analysis.
Other Requirements:
Hybrid – Canada – Toronto (need to live within commuting distance of the office in Streetsville, Ontario, which is on the outskirts of Toronto)
Must be a Canadian Citizen due to government or federal regulations
Fixed 12-hour shifts, 2-2-3 schedule
DXC is an equal opportunity employer. We welcome the many dimensions of diversity. Accommodation of special needs for qualified candidates may be considered within the framework of the DXC Accommodation Policy.
In addition, DXC Technology is committed to working with and providing reasonable accommodation to qualified individuals with physical and mental disabilities. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please e-mail AODA Canada Requests.
Note: This option is reserved for applicants needing a reasonable accommodation related to a disability.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.
Website: https://ioscm.com/
Headquarter Location: Newcastle Upon Tyne, Newcastle upon Tyne, United Kingdom
Year Founded: 2012
Industries: E-Learning ⋅ Education ⋅ Logistics ⋅ Procurement ⋅ Supply Chain Management ⋅ Warehousing