You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Cyber Defence Analyst

Full Time
5 days ago
Location: Remote Canada, Canada

Dans des marchés en rapide évolution, les clients à travers le monde font confiance à Thales. Thales est une entreprise où les personnes les plus brillantes du monde entier se regroupent pour mettre en commun leurs idées et ainsi s'inspirer mutuellement. Dans tous les secteurs où œuvre Thales, notamment l'aérospatiale, le transport, la défense, la sécurité et l'espace, nos équipes d'architectes conçoivent des solutions innovantes qui rendent demain possible dès aujourd'hui.

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.

Position Summary

The Cyber Defense Analyst is responsible for the prevention of Cybersecurity incidents by real-time monitoring, detection, and analysis of potential intrusions. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. The position operates and tunes security tools, provides requirements for new security capabilities and creates use cases for monitoring. In addition, the position creates and follows up on incident reports, creates daily, weekly and monthly reporting metrics.

The Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform an in-depth analysis of evidence, identify the malicious operations and evaluate the real impact in order to solve in a quick and efficient manner. This is a key role when it comes to onboarding new customers, maintaining the CSOC's infrastructure and continuous improvement.

Key Responsibilities

The analyst must have an in-depth knowledge, skills and work experience in a Security Operation Centre (SOC), Cloud infrastructure and security. Experience in using and managing SIEM, EDR, log and network analysis, Network security (Firewall, WAF, IDS/IPS), Infrastructure are vital for this role.
  • Monitor, analyze and report possible Cyber-attacks or intrusions, anomalous, and misuse activities.
  • Leverage variety of Cybersecurity tools (SIEM, EDR, and Sandbox) for analysis to identify malicious activity.
  • Creating queries/rules for specific searches, reports and alerts on SIEM. Contribute in updating, and tuning correlation rules and Security use cases. Contribute for improvement of alerts classification to minimize false positive.
  • Follow incident response process, document, and escalate security incidents. Stay up to date with security incident until closure.
  • Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), gather indicator of compromise (IOC) and any relevant information.
  • Conduct research, analysis and correlate gathered data from various sources to gain situational awareness and determine the impact of the incident.
  • Coordinate with other team (IT Security, network, system administrators, and end-user) to validate alerts or activities.
  • Provide daily summary reports of Cybersecurity incidents, operation statistics of monitoring tools, and latest Cybersecurity related news.
  • Perform trend analysis and develops metrics and reports on intelligence and incidents for management.
  • Contribute to the creation, update of Security Operation and incident response best practices, and processes.
  • Contribute with first responder actions, triaging and containing breaches.
  • Assist in securely collection of artifacts, analyze for malicious behavior and carry out analysis to determine the root cause of events.
  • Participate in threat-hunting activities, looking for anomalies. Ingest, analyze and contextualize data and turn that into intelligence for threat assessment and risk management.
  • Research latest known Cybersecurity incidents, gather IOC's and any relevant data to use with Threat hunting activities.
  • Provide advice on configuration of network security devices for service and security enhancement.
  • Support customer onboarding projects to ensure a successful transition to CSOC for security monitoring services.

Key Requirements
  • Minimum of 3 years of relevant experience in System or Network Architecture and Administration, or Security Analysts, Security Operations Center (SOC), or Incident Responder, Computer Emergency Response Team (CERT)
  • Currently holding one or more Cybersecurity industry recognized certifications from: (ISACA, ISC2, GIAC SANS, CompTIA Security+ or higher, Offensive-Security)
  • Knowledgeable with NIST Cybersecurity Framework (CSF), MITRE ATT&CK and d3fend.
  • Experience in building SOC processes, Playbooks, Correlation rules, and Incident report.
  • Alert triage, malware analysis, sanboxing, basic decoding and scripting.
  • Ability to install servers and network hardware in server rack if required.
  • Must have: at least or greater Splunk (Core Certified Power User) certification and IBM Qradar. Azure Sentinel (SC-200) and other SIEM certification is a plus.

Key Qualifications

  • Bachelor degree in engineering, computer science, cybersecurity, related IT field or equivalent experience.
  • Experience in building and assessing a secure infrastructure, Security Operation Centre, and Cloud infrastructure.
  • Experience working in a SOC environment (Internal or MSSP)
  • Experience monitoring enterprise environment. Operation Technology (OT) or ICS is a plus.
  • Strong understanding of security incident management, malware analysis and vulnerability management processes.
  • Security monitoring experience with one or more Cybersecurity and SIEM technologies - IBM QRadar, Splunk, Microsoft Sentinel, LogRhythm, intrusion detection and prevention (IDS/IPS), Endpoint detection and response (EDR), Data Loss Prevention (DLP), and threat intelligence platform (TIP).
  • Experience with SOAR platform: xSOAR, IBM Resilient, TheHive and Cortex
  • Strong written communication and presentation skills.
  • Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
  • Experienced in Cloud infrastructure and Cloud security monitoring is a plus.
  • Vendor specific training and certifications is a plus: IBM QRadar, Splunk, Palo Alto, Demisto, FireEye, Cisco, Microsoft Azure, Amazon (AWS)
  • Experience supporting one or various Cloud infrastructure (Azure, AWS, GCP or IBM Cloud) is a plus.
  • Must be analytical with detail-oriented analysis and great documentation skills.

Special Requirements:
  • Requires direct or indirect access to hardware, software, technology or technical data controlled under the Canadian Export Control List, the ITAR or the EAR
  • Requires a positive Controlled Goods assessment as you will have direct access to hardware, software, technology or technical data controlled under the Canadian Controlled Goods Program
  • Required to obtain and maintain a Security Clearance at the NATO Secret Level

Thales est un employeur offrant l'égalité des chances qui valorise la diversité et l'inclusion sur le lieu de travail. Thales s'engage à mettre en place des mesures d'adaptation tout au long du processus de recrutement. Les candidats sélectionnés pour une entrevue et ayant besoin de mesures d'adaptation sont priés de le faire savoir lors de l'invitation à l'entrevue; notre équipe travaillera volontiers avec chaque candidat pour répondre à ses besoins particuliers. Tous les renseignements relatifs aux mesures d'adaptation seront traités d'une manière confidentielle et utilisés uniquement dans le but d'offrir une expérience candidat adaptée.

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.
Banking, Finance and Insurance