Job Opportunities Information Security Analyst IISenior

Job Overview

This is an exciting time to join Wawanesas Information Security team! We are hiring for our Incident Response team.
Wawanesas Cyber Threat Management team are our cyber-attack first-responders. We monitor urgently investigate and contain cyber threats. Our mission is to provide verifiably timely consistent accurate and thorough detection and response to cyber threats.
Our team is a collaborative group of analysts responsible for threat monitoring incident response digital forensics and cyber threat intelligence.
Within that team the Information Security Analyst is responsible for monitoring and responding to cyber threats and for the continued improvement of that capability. You will work with many different data sources and threat detection systems to keep our company safe.
To thrive in this team you are curious friendly respectful and supportive. You have an investigators mindset: looking for clues and following evidence to verify whether our systems are under threat and acting to protect them.
You will work with minimal supervision but together with others in both Cyber Threat Management and other teams to achieve our shared goals.

Job Responsibilities

• Monitor security telemetry and threat intelligence feeds to identify suspicious activity across the environment
• Triage and validate detections from SIEM EDR and other security tools; determine scope severity and business impact
• Investigate suspected incidents end-to-end correlating host network and cloud evidence to confirm contain and remediate threats
• Rapidly contain active threats by executing response actions (e.g. isolating endpoints disabling accounts blocking IOCs) in accordance with approved playbooks
• Conduct digital forensics and sensitive investigations in collaboration with Legal/Privacy and other partners maintaining chain of custody and appropriate documentation
• Identify capture and operationalize indicators of compromise (IOCs) and attacker tactics techniques and procedures (TTPs); contribute to threat intelligence and detection improvements
• Produce clear incident documentation timelines and post-incident reports; provide actionable recommendations to reduce recurrence and strengthen controls
• Collaborate with IT operations infrastructure application teams and other cybersecurity functions to coordinate response activities and drive remediation to completion
• Develop refine and maintain incident response procedures playbooks and detection content to improve response speed and consistency
• Act as an escalation resource and mentor for other analysts supporting knowledge sharing and continuous improvement
• Participate in the incident response on-call rotation and support after-hours response as requiredhors des heures normales

Qualifications

• Completion of post-secondary education from an accredited institution in Cyber Security Information Technology or a related field
• At least 5 years of Information Technology experience with at least 3 years of experience in cybersecurity operations threat detection or incident response
• Knowledge of cybersecurity incident response and threat modelling frameworks
• Experience with one or more of the following:
  
  • Practical experience with SPL CQL KQL SQL regex and/or other search and pattern matching languages
  • SIEM EDR NGFW CASB DRPS TIP Email Protection NGAV CSPM AIDR
  • Splunk Enterprise Security Crowdstrike Falcon Proofpoint Email Protection
  • Copilot Github Copilot Copilot for Security or other AI-based tools
  • AWS or Azure Cloud Security
• Identity management client/server applications authentication systems IDS/IPS
• Ability to take initiative and respond with an appropriate sense of urgency
• Ability to build and maintain high credibility with all business partners
• Ability to adjust priorities and manage time in an environment of change
• Strong analytical and problem resolution skills
• Strong verbal written communications and task management skills
• Ability to document and explain technical concepts and details clearly and concisely to a variety of audiences (e.g. technical business auditors etc.)
• Self-motivated and willing to accept additional responsibilities as the position expands
• Possess or actively work to obtain a professional cybersecurity certification (CISM CISSP or equivalent)
• Technical certifications in cybersecurity defense or forensics (e.g. GIAC) are considered an asset
• Project management knowledge and experience considered an asset