Listing Description
eSentire® is the global leader in Managed Detection and Response (MDR), keeping organizations safe from cyber-attacks that technology alone cannot prevent. Our 24x7 Security Operations Centre (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events.
We want to cut through the hype and overblown claims surrounding AI and ML to help our customers successfully tackle their biggest challenges utilizing human expertise at machine scale. We value each person’s unique contribution, so if you love to solve difficult problems--together--eSentire is the place for you.
The Global Security Operations Centre (GSOC) is central to eSentire’s Service Delivery Organisation (SDO). This organization delivers comprehensive security services to clients worldwide on a 24x7 basis. The successful candidate will perform Tier II security analysis tasks across the network, endpoint, log, and cloud security in a fast-paced and dynamic environment.
Requirements:
• Relevant degree in Computer Science, IT Security, IT Management, IT Support, or related discipline. The completed course must include a strong focus on networking and security.
• 3+ years’ full-time experience in a Security Operations Centre or similar Cyber Security Analysis role excluding time spent on an intern or work experience program
• Hands-on experience in at least one of the following Security domains;
o Network Security including Intrusion Detection Systems (IDS)
o Windows Endpoint Security, using EDR products such as VMware Carbon Black Response/Threat Hunter, Crowdstrike Falcon or Microsoft Defender ATP.
o SIEM/Log Management, using products such as SumoLogic, Splunk, or similar
• Knowledge and experience of network and endpoint security technologies including;
o Snort/Suricata, Packet Capture (PCAP) Analysis using Wireshark
o Windows system internals, knowledge of PowerShell
o Linux Kernel and basic scripting (Bash/Python) knowledge
• Analytical mind with strong attention to detail and a commitment to quality of service
• Strong customer-facing written and verbal communication skills with the ability to effectively communicate complex security concepts with end customers
• Demonstrated experience to confidently handle escalated client issues, diffuse challenging situations and deliver an optimal customer experience
• Natural ability to thrive in a fast-paced and time-sensitive environment
• Ability to work in an operational/shift-based environment with flexible working hours to include evenings and weekends
• Industry Certificates such as CompTIA Network/Security+, CEH, CCNA CyberOps or others are desirableCompleting more complex high priority/escalated client support tickets
Participating in Incident/Breach response investigations and deliver incident response reports and after-action reviews
Work on various internal projects/initiatives such as UAT of new SOC tools, working cross functionally with other teams/departments as a stakeholder for the Service Delivery Organisation
Writing or providing input to our Learning and Development team on KB Articles or training content
Delivering training modules and conducting assessments with new hires
Ongoing mentoring and coaching of Tier I Analysts
Participating in Quarterly Service Reviews (QSRs) with our Customer Success Team providing technical input from the SOC where necessary
Secondary review and approval of permanent signal filters, Global Blacklist IP Nominations and high priority client alerts
Critical Event Reviews – performing secondary audits of selected signals and following up with analysts and clients as necessary
Analyse incoming security signals in real time with a balance of accuracy and speed using a variety of forensic tools
Apply investigative tools, techniques and procedures (TTPs), use your understanding of the security threats associated with the incoming signals and follow defined Runbooks to determine and execute the relevant actions
Perform whitelisting/filtering of false positive signals
For confirmed true positive signals, you will alert clients using defined templates and escalate high priority alerts to clients by phone
Block malicious network traffic and isolate infected hosts on customers networks
Add malicious IOC’s to eSentire’s Global Blacklist for all customers where appropriate.
Complete basic-intermediate client support requests/queries assigned by the operations lead. Work directly with clients via email/phone as needed to complete these tasks
Handle some service administration and troubleshooting tasks
Listing Details
- Citizenship: Canadian Citizen
- Incentives: Bonus
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute