Senior SOC Analyst

What’s in it for you as an employee of QFG? Health & wellbeing resources and programs  Paid vacation, personal, and sick days for work-life balance Competitive compensation and benefits packages Work-life balance  Career growth and development opportunities Opportunities to contribute to community causes Work with diverse team members in an inclusive and collaborative environment   We’re looking for our next Senior SOC Analyst, Incident Response, JSOC. Could It Be You?   Your contribution delivering sustainable and measurable results in the following areas will be very important: Administration and management of the various cybersecurity tools used by the wider Joint Security Operations Centre team, such as Endpoint Detection & Response (EDR), Vulnerability Scanning, Attack Surface Management, Identifying and responding to cyber threats - that pose a risk to our reputation and brand, and may result in a compromise. Day to day activities include overseeing system upgrades and expanding capabilities, monitoring system health and troubleshooting system issues, ensuring asset coverage, and managing user access for these tools. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs, providing metrics on the management of these systems and tickets addressed, and conducting monitoring and response activities. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.   What’s it like working as a Senior QA Engineer at Questrade?    You will: Monitor, analyze and report possible cybersecurity attacks. Investigate and perform analysis of threat indicators. Gather Indicators of compromise and any relevant data to use with threat hunting activities. Leverage security tools (SIEM, EDR, and more) for analysis to identify malicious activities. Analyze identified malicious activity to determine Tactics, Techniques and Procedures.  Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident. Participate in on-call and hands on scheduled shift rotations including off business hours. Collaborate well and work with other cybersecurity and IT team members. Coordinate Security Incident Response and investigation with other internal teams and 3rd party providers. Conduct incident investigations using security tools and solutions (SIEM, EDR, firewalls, etc.). Complete Security Incident and Investigation reports.  Onboard and monitor cloud environments (Azure, AWS, or GCP) into SIEM. Develop and document processes, operational procedures, and enhance playbook workflows. Deploy, manage and administer tools used by other cybersecurity teams related to endpoint protection, email security, vulnerability scanning, etc Review enterprise security tools and controls to review system health, identify misconfigurations, and implement tuning recommendations per vendor best practices Maintain existing or create new procedures and processes for administering and managing cybersecurity tools under the purview of the team Respond to and address support tickets for our tools that arise from different end users and teams via the enterprise ticketing system Provide proactive security investigation and searches on corporate environments to detect malicious activities. Maintain up-to-date understanding of security threats, countermeasures, security tools, Cloud Security and SaaS technologies. Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks Report on team metrics for the CISO leadership team and the IT & Cyber GRC team Report on all applicable compliance related obligations  So are YOU our next Senior SOC Analyst? You are if you have… 5 years of relevant experience in performing, Cybersecurity operations, Cybersecurity Threat Intelligence, Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment. Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK. Knowledge of creation and fine tuning SIEM use cases. Security monitoring experience with cybersecurity and SIEM technologies. Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports. Experience with threat hunting and security incident investigation. Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more. Knowledge of incident investigation, working with in-house and vendor teams to research, identify and report on incidents. Knowledge of security incident management, malware analysis and vulnerability management processes. Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies. Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk. Experience with the security logging and monitoring of cloud environments. Experience analyzing different data sets and preparing metrics and reports (e.g. Excel, Sheets, PowerBI) Experience with Atlassian products, especially JIRA and Confluence   Brownie points if you have... CEH, CSA, CHFI, ECIH or similar relevant certifications. Familiarity with programming languages such as Python, JS and others. Hands on technical expertise in the following types of tools: EDR, infrastructure vulnerability scanning, cloud based scanning, data loss prevention, external attack surface management, network scanning, incident response, SIEM, access management   Sounds like you? Click below to apply! #LI-MM1 #LI-Remote